On Fri, Jan 30, 2015 at 9:54 AM, Kevin Fenzi <kevin@xxxxxxxxx> wrote: > On Fri, 30 Jan 2015 22:11:12 +0530 > Sudhir Khanger <ml@xxxxxxxxxxxxxxxxx> wrote: > >> On Thursday, January 29, 2015 01:30:11 PM David Lehman wrote: >> > Pick a single "strong" password that you can remember and use it >> > for all of them. Pretty easy, really. >> >> It's not my memory but its my fingers. I will have to enter a long >> password over and over again for no real reasons. > > Well, thats not entirely true... the reason is so that all those people > who actually use the thing you are testing have more secure passwords. ATMs have rate and retry limits, among other mechanisms, to permit a 4 digit numeric PIN being adequately secure. Does Fedora have limits on rate and retries? If not, why not? User who want or need more secure passwords can always opt in without affect anyone else. Why is the project's installer not merely questioning the user's veracity and competency, but disallowing them, by force, from doing what they think is in their best interest? What is the plan should no one care to harden Fedora security in other ways? 16 character passwords are next? The diceware minimum recommended passphrase is made of 5 words. If the project cares so much about other people's minimum acceptable security that it's willing to enforce this under duress, why not make it actually meaningful? Oh, because a 20 character passphrase being compulsory might actually make too many users angry for suggesting their passwords are shit. > apg (along with many other things) can generate you a list of passwords > and 'pwscore' can make sure they will pass the same tests anaconda > would give them. > > IMHO, this isn't so big a deal. And apg and pwscore are going to be integrated into the Anaconda GUI? Or will the GUI simply be an enforcer while providing zero assistance in selecting an appropriate password? What feedback will the user be given so they understand what exact change in behavior they need to make? Have you actually played with pwscore? # pwscore root shrkobtk 1 # pwscore root tableprison 41 # pwscore root inforats Password quality check failed: The password fails the dictionary check - it is based on a dictionary word This defies belief. Random scores lowest. Two dictionary words scores average. A dictionary word fragment and a plural noun is disqualified. Ridiculous. > I'll have to change my throw away > instance test password from 'abc123' to something like 'tacosyum99' > Shrug. You fail to understand the can of worms opened up by this. My trust in Fedora is diminished because of the theatrics and indiscriminately shifting this burden onto all users. The arguments in favor thus far are demonstrably specious, so there must be some other explanation for why the change is being made. How insecure is Fedora compared to other platforms, or even other distributions? Where's the assessment? Are successful brute force attacks being made on Fedora systems in the wild? And instead of those particular systems and use cases having stronger passwords, everyone needs to have them by force? And two more characters totalling maybe a scant 10 bits of additional entropy really has a meaningful change of thwarting those brute force attacks? What's the actual, real world, non-imaginary impetus behind the change? I see hand waiving, and I see dog shit in a bag with sparklers on it. It looks impressive and useful, but inside it's just crap. -- Chris Murphy -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
