[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] URGENT: Cannot su - while being admin
- Subject: Re: [cobalt-users] URGENT: Cannot su - while being admin
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Wed Jan 16 20:15:02 2002
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
flash22@xxxxxxx wrote:
> OK, simple answer in the form of a question...
>
> How many passwords do you have to guess to log in directly as root?
> How many passwords do you have to guess to log in as user and then log in
> again as root via su ?
>
> Which is easier / faster ?
Sorry, but this is nothing more or less than FUD.
If you use a password like "HoRG3A7Q" (these are the kinds of passwords
we use, and we have a password generator that creates them) you're NOT
going to guess it. Period. If you're using anything less secure, we're
going to guess it in less than an hour, if we want to, no matter if we
have to guess twice or not.
There's NO reason not to ssh as root. In fact, by default, ssh allows
log-in by root. If you don't believe it, just try it.
And oh, for the few people who don't realize it, now that I've
"published" that random password example above, it's no longer a good
password to use; it's quite insecure in fact, since we can be sure
somone who scans the 'net just to add words to password cracking
dictionaries, WILL add it to one.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484