A topic of concern in Linux
janina at rednote.net
Tue Jan 20 10:47:41 EST 2004
Steve, your analysis is correct up to a point.
On our own personal computers in Linux, we have our ordinary user
accounts and our root accounts. We manage both passwords--but we don't
usually read mail as root. So, even if someone cracks into a user
account, there's another hurdle before the cracker can get to root.
But, there's even a stronger argument on the work side of things. At the
office or at school, you're going to have your ordinary user account,
and you're not going to have root access. And, it's not that hard to
enforce safer passwords even for ordinary user accounts.
For example, using your barbie password, and simply adding punctation
between the syllables makes a password significantly harder to crack.
Here are several examples:
Dawes, Stephen writes:
> From: "Dawes, Stephen" <Stephen.Dawes at calgary.ca>
> You raise a number of good points. However, you have perhaps missed the
> most important one of all. In my opinion, that being, that regardless of
> the OS, the OS is only as secure as its password. Now that may sound
> funny, but it isn't. There is a number of different password cracking
> packages circulating out there that can crack a password in no time
> flat. Why are they so successful? Because people tend to use a password
> that is a word or phrase that means something to them. E.G. The name of
> their girlfriend and to hopefully make that more difficult to break
> down, they add in the girlfriends measurements. So a password may look
> something like, barbie362030.
> If you want to use a password that is harder to break, then the experts
> suggest that you use non-alpha-numeric characters as part of the
> password. So, if I was to use the example above, another way to do the
> same password would be, b>bie362030. Where the > character as us grade 2
> Braille users know is the are contraction in computer Braille.
> One other thing to remember, is that a password is only as good as the
> secret holders reliability. Remember that there is always two people who
> know your secret, yourself and the person you told it to.
> So although a lot has been made of Linux security, I maintain that that
> it is no more and no less secure then any other OS. All OS's rely on
> passwords as a big part of their security, and thus the all have the
> same weakness. The difference between the different OS's level of
> security is the tools provided, the use of the tools, the maintaining of
> the tools, ETC. In all cases, the human is the gate keeper, and humans
> are the week link in all cases.
> Steve Dawes
> Phone: (403) 268-5527
> Email: SDawes at calgary.ca
> This communication is intended ONLY for the use of the person or entity named above and may contain information that is confidential or legally privileged. If you are not the intended recipient named above or a person responsible for delivering messages or communications to the intended recipient, YOU ARE HEREBY NOTIFIED that any use, distribution, or copying of this communication or any of the information contained in it is strictly prohibited. If you have received this communication in error, please notify us immediately by telephone and then destroy or delete this communication, or return it to us by mail if requested by us. The City of Calgary thanks you for your attention and cooperation.
> Speakup mailing list
> Speakup at braille.uwo.ca
Email: janina at rednote.net
Phone: +1 (202) 408-8175
Director, Technology Research and Development
American Foundation for the Blind (AFB)
Chair, Accessibility Work Group
Free Standards Group
More information about the Speakup