So, you made a POST request to an online "passwordchecker" and they now probably have your password.
On 02/26/2015 04:24 PM, Speak Freely wrote:
Hi ZEROF,
I had fail2ban, harden (which includes tiger, tripwire, logcheck, plus MANY others), all the fancy log checkers, rkhunter and clamav, unattended-upgrades, and had all logs emailed to me on a daily basis. It was tedious to go through, but I was trying to do my due diligence.
I disabled root login, changed ssh port (security through obscurity - damn right, but I kept it in the privileged range.)
Each password was a minimum of 32 characters, alphanumeric plus symbols. No two passwords were alike, or remotely similar. (No, I didn't use keys :@)
I checked "how secure is my password", and this is the result: It would take a desktop PC about 21 quattuordecillion years to crack your password
I had to look quattuordecillion up, as my spell checker doesn't know what it means. In the US, it means 1, followed up 45 zeros. (In the UK it is 10^84, but I believe the website is American so I'm sticking with ^45)
I disabled as many services as I could reasonably tolerate. I removed world rights to as much as I could think. I did everything I could think of to make each VPS effectively useless except for running a Tor relay.
My firewall matched my Reduced Exit Policy, plus my "secret" ssh port.
I never thought about the honey-pot... That's a good one.
Speak Freely _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays