Hi, I have read with interest all the responses and followed all the links. However, I realized something that I think we all (well, at least myself) forgot about ... and that is the importance of choosing a proper username ...
Authentication (usually) is a 2 step process ... as we all know ... a username and a password ... and since ssh is (mostly) referred to here ... we can accept that it is most definitely a 2 step process ... So ... if I know the username I am already halfway there ... I just need to get the OTHER remaining 50% (by breaking the password) ... and (like someone mentioned) it will take immensely long for someone to break a 10 (I think it was 10) character password ... then why is the importance of a good username ignored ... if I have a (creepy) username of 10 characters it will take a black hat twice as long to get what he wants ... or am I misleading myself (and others) here ... are we not putting too much emphasis/pressure on a good password where the pressure could be spread between the username AND password ... just asking ...
Someone also mentioned black-hats ... I think that black-hats are a necessary evil ... just like lawyers ;) ... I understand some mechanical things better than others, like hydraulics and pneumatics ... mechanical engineering is no obstacle to me ... however ... I have difficulty in getting my head wrapped around things like squid, iptables, procmail, regexp ... some of you have no difficulty in any of these but have difficulty in mechanical stuff ... it is supposed to be like that ... when I think of black-hats I think of the green Matrix screen ... they are a special breed ... they see things that white hats don't see because it is their nature ... Just like car mechanics can tune/alter an engine so can black-hats tune/alter a TCP/IP stream/payload ...
Am I right in saying that there is actually nothing new when it comes to networking ... hear me out ... the internet (and most networks out there) still works on TCP/IP which is 40 odd years old (70's) ... a car mechanic only needs to know how an engine works ... you can bolt on many other things onto an engine and add a plethora of sensors to it but essentially it remains an engine ...
if you understand the way an engine or an automatic/manual transmission works you can confidently service/overhaul any engine/transmission because they all are made up of the same stuff and they all work the same ... and this is my point with TCP/IP ... EVERYTHING is dumped on top of TCP/IP ... yet it remains the same ... a black hat only needs to know TCP/IP in order to knock on your door ... once he knocked on your door it means that he has found you ... he knows you are there ... all he has to do is look at the Matrix screen ... am I making sense? ...
Have a nice day
Danny
Archive: https://lists.debian.org/20150113171319.GA31019@fever.havannah.local