On Tue, Mar 10, 2015 at 4:15 AM, Björn Persson <Bjorn@rombobjörn.se> wrote:
> Kevin Kofler wrote:
>> The user surely knows better what a good password is than the
>> software does. If the user picks a crappy password, there's probably a good
>> reason.
>
> There are two possible reasons why you would say that. Either you
> haven't even looked at the Ars Technica articles that have been
> discussed in this thread, or else you believe that a majority of users
> of all sorts of web services think it's all right if all the spies and
> script kiddies in the world have full access to their accounts.

I do not deny that weak passwords in certain contexts expose users to risks *I* don't feel comfortable with. Educating them is appropriate to the degree I think it's an obligation. Coercing them is inappropriate to the degree I'd rather see them hacked. Propose an ethical challenge to that.

What's been proposed (and implemented) in the installer right now embraces the slippery slope of taking responsibility for a class of users. This is fraught with epistemic questions, including ethical ones. And the choice is to go after very weak passwords, but not weak ones. Why?

What happens to this debate if the minimum passphrase is set to 25 characters? This has sound basis, congruent with all of the concerns from various popular web sites and services, to the cited XKCD, Ars Technica, Schneier articles, and others I've cited elsewhere including the security@ list on this topic.

Today Schneier raises the possibility the NSA has broken Microsoft's BitLocker. And yet we're debating whether to babysit users' passwords. It's a juxtaposition that amuses me greatly. But it's a digression.

So why not a 25 character limit? How does that change the debate? I for one would stop even debating it. I think even Kevin could consider just giving up the debate, because at that point, there would be thousands of users who would be having conniption fits. I doubt anyone would dispute this.
So what does that tell us? It tells us people don't like being coerced. They don't like their judgement questioned. And it tells us password enforcement proponents presume that all of these ethical problems can be swept under the rug when there are few complainers. Ergo, might makes right. And promptly you've arrived at the very old debate of Thrasymachus. You do not get to just set it aside just because you don't like either its questions or its conclusions.

What is Fedora going to be as it grows up? An enforcer of principles? An encourager of principles? An aggressive educator of principles?

Let's try a real world example: Briefly opine on the fact that on my mobile device I don't set a password at all. It's just a lock screen. Anyone can unlock it. I also don't encrypt it. Does it make you nervous on my behalf? Do you think it's bad judgment? Do you lock and/or encrypt your wallet? If not, why not? How is a mobile device different from a wallet (other than the obvious physical differences)? Are Google, Cyanogen, Apple, Microsoft acting wrongly by permitting no passwords on mobile devices? If so, why would they do this?

I use a relatively strong 6-word passphrase for FDE on my laptop however. How do you account for this difference in policy?

If you can't explain this sufficiently that you can enable it as an enforceable policy, I don't see how you've done the very basic (though extremely difficult and expensive) epistemic work to start forcing people to change their behavior rather than just educate them. Because without that, I think you'll lack sufficient mandate for a might makes right policy.

-- 
Chris Murphy

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct