On 02/17/2017 12:52 PM, David Lang wrote: > On Fri, 17 Feb 2017, Alberto Bursi wrote: > > And having no password is a much bigger change than having a short > password when you are testing things. It makes a lot of sense to be > excercising the password routine when doing tests, and very little > difference if you are excercising it with a short password or a long one. >
What? if I'm testing things that are completely unrelated to login (system configurations for tutorials or stuff for device support) then how I log in is irrelevant. > Why are you saying that short passwords are bad? Is it just because you > have been told that they are? > > Remember, a short password is only a problem if attackers have the > ability to make brute force attacks on the system. If attackers can't > get at the interface, or if there are other strategies in place to > defeat brute force attacks, a short password can be acceptable. > True. Are there such systems in place for ssh access? Btw, for console access (serial or TTL or whatever) there is no login even if you have set a password afaik. -Alberto _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev