[LUAU] all your GPU are belong to us
Jim Thompson
jim at netgate.com
Fri Oct 26 02:32:33 PDT 2007
On Oct 25, 2007, at 10:09 PM, Eric Hattemer wrote:
> Vince Hoang wrote:
>> On 10/25/07, Jim Thompson <jim at netgate.com> wrote:
>>
>>> If passwords weren't "dead" already, this (or having the botnet do it
>>> on the CPUs) finished them.
>>>
>>
>>
>> In a world where bank PINs are 4 numeric digits can you suggest practical
>> alternatives? Biometrics are not mature enough. Two-factor authentication
>> has existed for a long time but is not cost effective for the average
>> consumer.
>>
> The article talks about NTLM and PGP. The answer is not passwords that
> are more complicated; it is passwords that can't be anonymously
> downloaded and cracked offsite. It doesn't matter how crappy your
> shadow password is if someone can only try an ssh attempt every 2
> seconds or so.
You're assuming that they can't get in and read /etc/shadow.
> NTLM passwords are freely available to any decent
> cracker with a network connection to the Windows machine. If your PGP
> secrets are important, and you expect someone to get at them, you'd
> better have a ridiculously large key.
Or, better, keep the key on a separate device, such as a USB key
or ... a Smart Card. There are USB Smart Card readers that will hold
a SIM-sized smart card.