A topic of concern in Linux

Dawes, Stephen Stephen.Dawes at calgary.ca
Tue Jan 20 09:49:19 EST 2004 

You raise a number of good points. However, you have perhaps missed the
most important one of all. In my opinion, that being, that regardless of
the OS, the OS is only as secure as its password. Now that may sound
funny, but it isn't. There is a number of different password cracking
packages circulating out there that can crack a password in no time
flat. Why are they so successful? Because people tend to use a password
that is a word or phrase that means something to them. E.G. The name of
their girlfriend and to hopefully make that more difficult to break
down, they add in the girlfriends measurements. So a password may look
something like, barbie362030. 
If you want to use a password that is harder to break, then the experts
suggest that you use non-alpha-numeric characters as part of the
password. So, if I was to use the example above, another way to do the
same password would be, b>bie362030. Where the > character as us grade 2
Braille users know is the are contraction in computer Braille.

One other thing to remember, is that a password is only as good as the
secret holders reliability. Remember that there is always two people who
know your secret, yourself and the person you told it to.

So although a lot has been made of Linux security, I maintain that that
it is no more and no less secure then any other OS. All OS's rely on
passwords as a big part of their security, and thus the all have the
same weakness. The difference between the different OS's level of
security is the tools provided, the use of the tools, the maintaining of
the tools, ETC. In all cases, the human is the gate keeper, and humans
are the week link in all cases.


Steve Dawes
Phone: (403) 268-5527
Email: SDawes at calgary.ca


NOTICE::
This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. The City of Calgary thanks you for your attention and cooperation.

More information about the Speakup mailing list