On Jan 6, 2011, at 12:17 PM, Joe Greco wrote:
If you don't understand the value of such an increase in magnitude,
I can count as well as you can, I assure you.
I invite you to switch all your ssh keys to 56 bit.
The difference is that if someone compromises/brute-forces one of my ssh keys, he has something of value.
OTOH, if he can find my host and send some packets to it, since I've done all the host OS/app/service BCPs, plus I'm enforcing policy via stateless ACLs in hardware-based routers/switches and tcpwrappers on my host, so what? I could care less.
Generally speaking, security professionals prefer for there to be more roadblocks rather than fewer. That's why they call it layers of security; occasionally your belt may snap and you may find yourself reliant on the suspenders. The fact that you're confident that your belt is great is only relevant to yourself and any others who are similarly confident in their choice of belt.

You start off with the assumption that the knowledge of the host address is not something of value; while I agree that it *shouldn't* be of value, the sad fact of the matter is that we've seen numerous examples of where it *is* of value. I'm starting off with the assumption that knowledge of the host address *might* be something of value. If it isn't, no harm done. If it is, and the address becomes virtually impossible to find, then we've just defeated an attack, and it's hard to see that as anything but positive.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.