On 22 Mar 2024 20:01 -0400, from ler...@gmail.com (Lee):
> The IPv4 address space is only 32 bits long. Scanning 2^32 = about
> 4,000,000,000 addresses for an open port is easily doable.
> The IPv6 address space is a bit harder... Let's just say that 7/8th
> of the IPv6 address space is reserved[
On 22 Mar 2024 17:26 +0500, from avbe...@gmail.com (Alexander V. Makartsev):
> This is because of how IPv4 network address translation (NAT) works, to
> allow multiple LAN hosts to connect to the Internet with a single IP address
> assigned by an Internet Service Provider (ISP).
A NAT router might also
On Fri, Mar 22, 2024 at 9:02 AM Jan Krapivin wrote:
>
> The thing that bothers me is the words: "any computer (and a fortiori any
> server) connected to the Internet is regularly targeted by automated
> connection attempts"
Change it to "any computer (and a fortiori any server) >>using IPv4
and di
On 22.03.2024 14:57, Jan Krapivin wrote:
Thu, 21 Mar 2024 at 22:34, Alexander V. Makartsev :
This conclusion seems less than optimal to me.
Condemning yourself to typing a 12+ character password every time
you 'sudo' would really hurt accessibility and usability of your
home c
On Fri, 22 Mar 2024 12:57:20 +0300
Jan Krapivin wrote:
> Thu, 21 Mar 2024 at 22:34, Alexander V. Makartsev
> :
>
> > This conclusion seems less than optimal to me.
> > Condemning yourself to typing a 12+ character password every time you
> > 'sudo' would really hurt accessibility and usability
Thu, 21 Mar 2024 at 22:34, Alexander V. Makartsev :
> This conclusion seems less than optimal to me.
> Condemning yourself to typing a 12+ character password every time you
> 'sudo' would really hurt accessibility and usability of your home computer
> and for no good reason.
>
> If we focus solel
On 20.03.2024 20:28, Jan Krapivin wrote:
I must mention that "32 characters" is only my guess.
In the Handbook it is said: "The root user's password should be long
(12 characters or more) and impossible to guess."
Also, I must again say that in my case we speak just about a humble
home deskt
>
> You don't need a threat model to understand why writing a password on a
> paper is generally a bad practice.
>
> But since you invest this much energy on defending a bad practice, I'll
> let you keep the trend alone.
>
I have written down key passwords which I keep in my wallet. To get my
wall
On Wed, Mar 20, 2024 at 3:50 PM Pierre-Elliott Bécue wrote:
>
> From: Lee
> To: Pierre-Elliott Bécue
> Cc: Debian Users ML
> Date: 20 March 2024 20:40:52
> Subject: Re: Root password strength
>
> > On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote:
> >
On Wed, Mar 20, 2024 at 2:34 PM Pierre-Elliott Bécue wrote:
>
> Jeffrey Walton wrote on 20/03/2024 at 19:16:16+0100:
>
> [...]
> >> No one asks someone to remember more than two or three passwords. The
> >> rest belongs to a password manager.
> >
> > Huh? This is discussed in detail in Peter Gutm
From: Lee
To: Pierre-Elliott Bécue
Cc: Debian Users ML
Date: 20 March 2024 20:40:52
Subject: Re: Root password strength
> On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote:
>>
>> Brad Rogers wrote on 20/03/2024 at 18:39:30+0100:
>>> On Wed, 20 Mar 2024 1
On Wed, Mar 20, 2024 at 1:47 PM Pierre-Elliott Bécue wrote:
>
> Brad Rogers wrote on 20/03/2024 at 18:39:30+0100:
> > On Wed, 20 Mar 2024 17:09:31 +0100
> > Pierre-Elliott Bécue wrote:
> >
> > Hello Pierre-Elliott,
> >
> >>Most of the time, writing down a password is a very bad idea.
> >
> > Not
John Hasler wrote on 20/03/2024 at 19:35:42+0100:
> Pierre-Elliott Bécue writes:
>> My home sees plenty of different people coming in. Some I trust, some I
>> trust less. Also, video calls are a nice way to get a paper password
>> recorded (and yes it happens).
>
> I keep my passwords in a small book t
tomas writes:
> Actually, I use between pwgen -n 8 (user pw) and pwgen -n 16 (LUKS
> encryption).
-n is the default for pwgen. Note that this slightly reduces the size
of the search space. Unfortunately many sites require it.
> I memorize the most important of them.
I memorize the ones I use m
Brad Rogers wrote on 20/03/2024 at 19:03:48+0100:
> On Wed, 20 Mar 2024 18:46:04 +0100
> Pierre-Elliott Bécue wrote:
>
> Hello Pierre-Elliott,
>
>>You have a rather bad cybersecurity approac
Pierre-Elliott Bécue writes:
> My home sees plenty of different people coming in. Some I trust, some I
> trust less. Also, video calls are a nice way to get a paper password
> recorded (and yes it happens).
I keep my passwords in a small book the size of a passport and I secure
it the same way I secure
Jeffrey Walton wrote on 20/03/2024 at 19:16:16+0100:
> On Wed, Mar 20, 2024 at 1:45 PM Pierre-Elliott Bécue wrote:
>>
>>
>> Jeffrey Walton wrote on 20/03/2024 at 18:30:34+0100:
>>
>> > On Wed, Mar 20, 2024 at 12:51 PM Pierre-Elliott Bécue
>> > wrote:
>> >>
>> >> Jeffrey Walton wrote on 20/03
On Wed, 20 Mar 2024 18:46:04 +0100
Pierre-Elliott Bécue wrote:
Hello Pierre-Elliott,
>You have a rather bad cybersecurity approach.
I use password generators and vaults for all my passwords. Nothing
wrong with my cyber-security.
Also note that I put 'written down' in single quotes - it was me
Michael Kjörling <2695bd53d...@ewoof.net> wrote on 20/03/2024 at 19:04:10+0100:
> On 20 Mar 2024 18:46 +0100, from p...@debian.org (Pierre-Elliott Bécue):
>>>> Most of the time, writing down a password is a very bad idea.
>>>
>>> Not in your own home. And in any event, it depends where one keeps
On Wed, Mar 20, 2024 at 1:45 PM Pierre-Elliott Bécue wrote:
>
>
> Jeffrey Walton wrote on 20/03/2024 at 18:30:34+0100:
>
> > On Wed, Mar 20, 2024 at 12:51 PM Pierre-Elliott Bécue
> > wrote:
> >>
> >> Jeffrey Walton wrote on 20/03/2024 at 17:19:46+0100:
> >>
> >> > On Wed, Mar 20, 2024 at 12:09
On 20 Mar 2024 17:07 +0100, from p...@debian.org (Pierre-Elliott Bécue):
> Let's stop overcomplexifying, the best course of action for passwords
> you need to remember is passphrases, and on this matter, Randall nailed
> the matter properly.
If you're referring to https://xkcd.com/936/ I believe
On 20 Mar 2024 18:46 +0100, from p...@debian.org (Pierre-Elliott Bécue):
>>> Most of the time, writing down a password is a very bad idea.
>>
>> Not in your own home. And in any event, it depends where one keeps that
>> 'written down' password.
>>
>> And if it *does* become an issue at home, you
On Wed, Mar 20, 2024 at 11:02:41AM -0500, John Hasler wrote:
> Use one of the password generating programs such as pwgen to produce a
> 12 character random password. Write it down.
Actually, I use between pwgen -n 8 (user pw) and pwgen -n 16 (LUKS encryption).
I memorize the most important of the
Brad Rogers wrote on 20/03/2024 at 18:39:30+0100:
> On Wed, 20 Mar 2024 17:09:31 +0100
> Pierre-Elliott Bécue wrote:
>
> Hello Pierre-Elliott,
>
>>Most of the time, writing down a password is a very bad idea.
>
> Not in your own home. And in any event, it depends where one keeps that
> 'written
Jeffrey Walton wrote on 20/03/2024 at 18:30:34+0100:
> On Wed, Mar 20, 2024 at 12:51 PM Pierre-Elliott Bécue wrote:
>>
>> Jeffrey Walton wrote on 20/03/2024 at 17:19:46+0100:
>>
>> > On Wed, Mar 20, 2024 at 12:09 PM Pierre-Elliott Bécue
>> > wrote:
>> >>
>> >> John Hasler wrote on 20/03/202
On Wed, 20 Mar 2024 17:09:31 +0100
Pierre-Elliott Bécue wrote:
Hello Pierre-Elliott,
>Most of the time, writing down a password is a very bad idea.
Not in your own home. And in any event, it depends where one keeps that
'written down' password.
And if it *does* become an issue at home, you've
On Wed, Mar 20, 2024 at 12:51 PM Pierre-Elliott Bécue wrote:
>
> Jeffrey Walton wrote on 20/03/2024 at 17:19:46+0100:
>
> > On Wed, Mar 20, 2024 at 12:09 PM Pierre-Elliott Bécue
> > wrote:
> >>
> >> John Hasler wrote on 20/03/2024 at 16:58:01+0100:
> >>
> >> > Pierre-Elliott Bécue writes:
> >>
John Hasler wrote on 20/03/2024 at 17:21:20+0100:
> Pierre-Elliott Bécue writes:
>> Writing down a password is a bad idea.
>
> Why?
Because anyone falling on the paper with the password can do a lot of
harm. Because you can't control what this paper will become with
certainty, while it's easier
Jeffrey Walton wrote on 20/03/2024 at 17:19:46+0100:
> On Wed, Mar 20, 2024 at 12:09 PM Pierre-Elliott Bécue wrote:
>>
>> John Hasler wrote on 20/03/2024 at 16:58:01+0100:
>>
>> > Pierre-Elliott Bécue writes:
>> >> A phrase you will easily remember but that would be hardcore to guess
>> >> thro
On 20/03/2024 23:19, Jeffrey Walton wrote:
> The network attacker cannot (yet) reach through a
> monitor and read a sticky note.
It may be visible during a video call performed from a smartphone.
Pierre-Elliott Bécue writes:
> Writing down a password is a bad idea.
Why?
--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
On Wed, Mar 20, 2024 at 12:09 PM Pierre-Elliott Bécue wrote:
>
> John Hasler wrote on 20/03/2024 at 16:58:01+0100:
>
> > Pierre-Elliott Bécue writes:
> >> A phrase you will easily remember but that would be hardcore to guess
> >> through social engineering is perfect.
> >
> > Better is a random s
John Hasler wrote on 20/03/2024 at 17:02:41+0100:
> Use one of the password generating programs such as pwgen to produce a
> 12 character random password. Write it down.
Most of the time, writing down a password is a very bad idea.
--
PEB
John Hasler wrote on 20/03/2024 at 16:58:01+0100:
> Pierre-Elliott Bécue writes:
>> A phrase you will easily remember but that would be hardcore to guess
>> through social engineering is perfect.
>
> Better is a random string that you write down. When people try to
> generate phrases that meet t
Use one of the password generating programs such as pwgen to produce a
12 character random password. Write it down.
--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
On 20 Mar 2024 10:58 -0500, from j...@sugarbit.com (John Hasler):
>> A phrase you will easily remember but that would be hardcore to guess
>> through social engineering is perfect.
>
> Better is a random string that you write down. When people try to
> generate phrases that meet those requirement
Pierre-Elliott Bécue writes:
> A phrase you will easily remember but that would be hardcore to guess
> through social engineering is perfect.
Better is a random string that you write down. When people try to
generate phrases that meet those requirements they usually fail.
--
John Hasler
j...@su
Michael Kjörling <2695bd53d...@ewoof.net> wrote on 20/03/2024 at 16:16:41+0100:
> On 20 Mar 2024 15:45 +0100, from p...@debian.org (Pierre-Elliott Bécue):
>>> it should be like 32 symbols with special symbols? Or this paragraph
>>> in a handbook is rather paranoid?
>>
>> It's not paranoid.
>
> F
I must mention that "32 characters" is only my guess.
In the Handbook it is said: "The root user's password should be long (12
characters or more) and impossible to guess."
Also, I must again say that in my case we speak just about a humble home
desktop, without "ssh access" or whatever comp
On 20 Mar 2024 15:45 +0100, from p...@debian.org (Pierre-Elliott Bécue):
>> it should be like 32 symbols with special symbols? Or this paragraph
>> in a handbook is rather paranoid?
>
> It's not paranoid.
For 82 symbols (mixed-case alphanumeric plus 20 special characters),
32 characters is equiv
Jan Krapivin wrote on 19/03/2024 at 15:42:55+0100:
> I read Debian Administrator's handbook now. And there are such words:
>
> The root user's password should be long (12 characters or more) and
> impossible to guess. Indeed, any computer (and a fortiori any server)
> connected to the Intern
On Wed, Mar 20, 2024 at 09:23:58AM -0400, Jeffrey Walton wrote:
[...]
> > Also, are you saying that you do not let users rotate their keys
> > themselves; and if so, why on Earth not?
>
> Key continuity has turned out to be a better security property than
> key rotation. It is wise to avoid grat
On Wed, Mar 20, 2024 at 7:03 AM Michael Kjörling <2695bd53d...@ewoof.net> wrote:
>
> On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> > Regarding certificates, I issue VPN certificates to be installed on each
> > remote device. I don't use public key.
>
> What exactly is
jeremy ardley wrote:
>
> On 20/3/24 19:03, Michael Kjörling wrote:
> > On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> > > [users are locked out from uploading their public key using ssh-copy-id]
> > So the private keys aren't private, thereby invalidating a lot of
> >
On 20 Mar 2024 12:17 +0100, from to...@tuxteam.de:
>>> For ssh use I issue secret keys to each user and maintain matching public
>>> keys in LDAP servers [...]
>
>> So the private keys aren't private, thereby invalidating a lot of
>> assumptions inherent in public key cryptography.
>
> We are usi
On 20 Mar 2024 19:21 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
>>> Regarding certificates, I issue VPN certificates to be installed on each
>>> remote device. I don't use public key.
>>
>> What exactly is this "certificate" that you speak of? In typical
>> usage, it means a public key p
On 20/3/24 19:03, Michael Kjörling wrote:
> On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
>> Regarding certificates, I issue VPN certificates to be installed on each
>> remote device. I don't use public key.
> What exactly is this "certificate" that you speak of? In typical
On Wed, Mar 20, 2024 at 11:03:16AM +, Michael Kjörling wrote:
> On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> > Regarding certificates, I issue VPN certificates to be installed on each
> > remote device. I don't use public key.
>
> What exactly is this "certificat
On 20 Mar 2024 15:46 +0800, from jeremy.ard...@gmail.com (jeremy ardley):
> Regarding certificates, I issue VPN certificates to be installed on each
> remote device. I don't use public key.
What exactly is this "certificate" that you speak of? In typical
usage, it means a public key plus some surr
On 20/3/24 13:32, to...@tuxteam.de wrote:
> How will a "VPN" with a "certificate" (whatever that means in this
> context) be more secure than an SSH (assuming key pair authentication,
> not password)?
>
> They are doing the same dance (key exchange, key pair validation,
> session key establishme
On Wed, Mar 20, 2024 at 02:01:44AM -0400, Jeffrey Walton wrote:
> On Wed, Mar 20, 2024 at 1:32 AM wrote:
> >
> > On Wed, Mar 20, 2024 at 04:22:29AM +0800, jeremy ardley wrote:
> >
> > > A 'safer' implementation will not even expose an ssh port. Instead there
> > > will be a certificate based VPN w
On Wed, Mar 20, 2024 at 1:32 AM wrote:
>
> On Wed, Mar 20, 2024 at 04:22:29AM +0800, jeremy ardley wrote:
>
> > A 'safer' implementation will not even expose an ssh port. Instead there
> > will be a certificate based VPN where you first need a certificate to
> > connect and then you need a separat
On Wed, Mar 20, 2024 at 04:22:29AM +0800, jeremy ardley wrote:
> A 'safer' implementation will not even expose an ssh port. Instead there
> will be a certificate based VPN where you first need a certificate to
> connect and then you need a separate certificate to log in as root. A
> further enhanc
Michael Kjörling <2695bd53d...@ewoof.net> wrote:
> For most values of "you", most attackers don't care about _your_
> account, or _your_ system; they care about _any_ account, or _any_
> system. Actually targeted attacks do happen, but very rarely compared
> to what might be thought of as attacker
On 19/3/24 23:02, Greg Wooledge wrote:
> On Tue, Mar 19, 2024 at 05:42:55PM +0300, Jan Krapivin wrote:
>> The root user's password should be long (12 characters or more) and
>> impossible to guess. Indeed, any computer (and a fortiori any server)
>> connected to the Internet is regularly targeted by auto
On Tue, Mar 19, 2024 at 03:49:06PM +, debian-u...@howorth.org.uk wrote:
> Dan Ritter wrote:
> > Check whether you are running ssh:
> >
> > /sbin/service ssh status
>
> It's not called ssh; it is sshd
> Also nowadays it's more usual to say
>
> $ systemctl status sshd
On Debian, the systemd
On 19 Mar 2024 17:42 +0300, from daydreamer199...@gmail.com (Jan Krapivin):
> The thing is my password is very easy now, and I haven't thought about
> *"automated
> connection attempts"*, that sounds rather... scary? My password is easy
> because I am not afraid of direct physical access to the com
Dan Ritter wrote:
> Jan Krapivin wrote:
> > I read Debian Administrator's handbook now. And there are such
> > words:
> >
> > The root user's password should be long (12 characters or more) and
> > impossible to guess.
> ...
>
>
> > The thing is my password is very easy now, and I haven't
Greg Wooledge writes:
> On Tue, Mar 19, 2024 at 05:42:55PM +0300, Jan Krapivin wrote:
>> The root user's password should be long (12 characters or more) and
>> impossible to guess. Indeed, any computer (and a fortiori any server)
>> connected to the Internet is regularly targeted by automated con
On Tue, 19 Mar 2024 17:42:55 +0300
Jan Krapivin wrote:
> The thing is my password is very easy now
The simplest thing is to change that now.
> , and I haven't thought about *"automated connection attempts"*,
> that sounds rather... scary?
Those attempts happen if a server software (like SSH, Te
Jan Krapivin wrote:
> I read Debian Administrator's handbook now. And there are such words:
>
> The root user's password should be long (12 characters or more) and
> impossible to guess.
...
> The thing is my password is very easy now, and I haven't thought about
> *"automated
> connection at
On Tue, Mar 19, 2024 at 05:42:55PM +0300, Jan Krapivin wrote:
> The root user's password should be long (12 characters or more) and
> impossible to guess. Indeed, any computer (and a fortiori any server)
> connected to the Internet is regularly targeted by automated connection
> attempts with the m
> The threats are different for:
>
> - a laptop that travels and can be stolen
> - a desktop that does not leave your residence
> - a server that accepts connections from the outside world
>
>
> Check whether you are running ssh:
>
It is a simple home desktop PC
*@deb:~$ /sbin/service ssh status*
> Do you have some kind of remote access enabled or do you intend to in
> the near future?
>
No and no. It's just a simple home PC.
>
> If not, then you do not need to worry. Even less if you have a firewall
> to block any service that might appear by mistake.
>
I have UFW (gufw) enabled.
Thank
Jan Krapivin (12024-03-19):
> The thing is my password is very easy now, and I haven't thought about
> *"automated
> connection attempts"*, that sounds rather... scary? My password is easy
> because I am not afraid of direct physical access to the computer.
Hi.
Do you have some kind of remote acc
I read Debian Administrator's handbook now. And there are such words:
The root user's password should be long (12 characters or more) and
impossible to guess. Indeed, any computer (and a fortiori any server)
connected to the Internet is regularly targeted by automated connection
attempts with the