Re: username, password for proxy setting in yum and for other purpose

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2011-02-11 at 15:44 +0100, Alain Roger wrote:
> 2. in our company password must be changed every 60 days.

Actually, that's not a security measure.  It's a false belief.  And
tends to have the opposite effect.

It's harder for people to remember changing passwords, particularly when
they have to remember lots of different passwords.  So they're far more
likely to write it down, and they're likely to write it somewhere that's
easily spied upon.

Changing it won't make it any harder to make a random guess at it.  It's
just about as hard to guess it, no matter whether it stays the same, or
periodically changes.  Or, it's just as likely that you might guess what
it changed to, as guess what it has always been.  Likewise, it's only
one chance easier to guess a password that isn't changed by going
through a dictionary attack and keeping track of which words you've
already tried (i.e. if you could pick one word from a list of 600,000
words that you might use, that's a 1/600,000 chance of guessing it; then
if you changed it, it's a 1/599,999 chance of getting it right,
presuming no repeats, that's hardly a significant change).

If a password has already been cracked, that should have been detected.
If you're not checking for cracking attempts, you're not doing good
security.

> a) how can i store username and password in a not human readable way
> (encrypted for example) a still make it available for yum, or ther
> purposes like firefox ?

Encrypted whole drive contents, so it's ready normally while running,
but isn't readable if someone steals the drive?

Run a local proxy that uses your password to access the secured one, and
your local apps all go through your unsecured but restricted local
proxy?

Securing the local copy is going to be a bit pointless if you blurt it
out unencrypted across the network (e.g. in HTTP requests) to be easily
seen, anyway.

> b) how can i do to only once change it and that change should be
> applicable for all purposes like yum, firefox, and so on... ?

The simple solution for setting your password in one place, and
everything always using *that* password, is for all configuration files
that have a password set into them, their config scripts import your
password from a single known file that holds the password.

What about don't store the password in a file.  Store it as a variable
held in memory.  You type it in once, when requested to, and everything
sources that variable.  And it's reset when you log out.


-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux