Re: How can I secure a Debian installation?
- To: debian-user@lists.debian.org
- Subject: Re: How can I secure a Debian installation?
- From: Brian <ad44@cityscape.co.uk>
- Date: Sat, 1 Feb 2014 17:56:40 +0000
- Message-id: <20140201175640.GP3888@copernicus.demon.co.uk>
- In-reply-to: <CAD4guxPxeiCV+VfRnzM71QdxRnnJcWF4-wP4yQX0=71wdFjxUw@mail.gmail.com>
- References: <20140128094643.6ee293e7@jretrading.com> <CAD4guxPnaDnwBgjEms8PnMT22myXJj7esT01ug-P-feR4+_rQw@mail.gmail.com> <20140128184234.GL3888@copernicus.demon.co.uk> <20140130185311.51a2a863@X200> <20140130202637.GN3888@copernicus.demon.co.uk> <CAD4guxODr4vFdqyyg20uJdiK-8zk-dDQX9poa5asX8HuG1hkBg@mail.gmail.com> <52EB405C.5070909@gmail.com> <CAD4guxMG=7ZwEey+7vvSD73nOYdFehJqGVcYLNEd75X2-2uSeA@mail.gmail.com> <20140131200614.GO3888@copernicus.demon.co.uk> <CAD4guxPxeiCV+VfRnzM71QdxRnnJcWF4-wP4yQX0=71wdFjxUw@mail.gmail.com>
On Sat 01 Feb 2014 at 08:58:52 +0100, Raffaele Morelli wrote:
> Here we go. To be more accurate, it's not that password login is less
> secure, it's private key + passphrase that *adds* security because of its
> nature.
> That way, even a user who picks a weak passphrase has somewhat an increased
> security.
Ihis doesn't so much add security as *restore* it to the level which
would have existed had a weak password not been used.
An administrator might have taken the decision to mandate the use of
keys because he had doubts about users choosing good passwords and was
not in a position to enforce them. This is a reasonable basis for key
use rather than password use and it effectively imposes a known password
strength for authentication.
Note that the same decision (keys rather than passwords) might have been
taken because his users had bad memories for good passwords with 12+
characters. It leads to his having an easier life; in other words, pure
convenience, Quite how these users are going to remember the passphrase
to release the key we can leave to the imagination. :)
Reply to: