Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] remote admin: su vs login as root
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Fri, 11 Jan 2002 03:28:00 -0700
  • Message-id: <000901c19a8a$a51ba020$6400030a@xxxxxxxxxxxx>
> That question (as most in software design) is full of tradeoffs. People
> using ssh interactively want uniform short delays. That behaviour enables

You make some assumptions that while mostly true aren't always. ping a
system, usually it's 100+ms away, a standard delay of up to 10ms for example
wouldn't be too bad (of course I have no idea if 10ms is enough to thwart
timing analysis).

> timing attacks. A steady flow of encrypted traffic regardless of
> interactive use would be optimal from a security standpoint but a waste
> of bandwidth.

Again, some of us wouldn't mind wasting 1k/sec (lord knows I can't type that
fast =) while managing systems.

> Robert

Please do not assume all of us will sacrifice possible security gains for
perceived usability (in this case both your examples aren't really so good,
there are better ones, what they are is left as an exercise to the reader
=).

-Kurt

