
Re: is it rational to close the 139 port



Brian wrote:
> Henrique de Moraes Holschuh wrote:
> > Brian wrote:
> > > used. But if it can be demonstrated that a twenty character password can
> > > be forced in a time-frame which makes sense I'll stop doing it and most
> > 
> > That depends.  Are you using any dictionary words or easy character
> > permutations thereof to make a pass-phrase?  If so, your 20-char password is
> > a lot weaker than what one might expect at first glance.
> 
> There are four dictionary words in this passphrase
> 
>    Allow*12Root(Logins)NOW!
> 
> but it doesn't matter because you either get the whole thing or nothing.
> The password checkers referenced elsewhere in this thread give it 10/10.
> Attacking an sshd password is an online activity so, while I suppose it
> could be in a dictionary, this is a brilliant password; suitable for a
> user or for root. Even if it got guessed after a couple of hundred years
> you would be past caring!

I completely agree with you.

I am going to drift a little by complaining about some password
plugins that will complain about the *plaintext* of the password at
the time you create it.  I have seen a number of them that look at the
plaintext of the password and complain about dictionary words in it.
I once tried to use a password similar to "a1Sith4x" (a completely
randomly generated password, see "pwgen") but a password strength
checking plugin on that system complained about it containing a
dictionary word.  Did you see it in the above?  Yes, I agree that "a"
is a dictionary word but in the context of the password it was
completely random and the fact that it is in the dictionary doesn't
help a cracker in any way.

Password checkers that look at the ciphertext and attack it as an
attacker would attack it are okay.  Checkers that cheat and look at
the plaintext are not doing anyone any good.  It is a trap.

> Debian's default of enabling root logins is sensible. How hard is it to
> change it should an administrator want to? What damage does it do if
> left as it is?

Or even more important is the question of what is the danger if it is
disabled?  I think that could do a lot of damage.  If it is disabled
then it is possible with various accidents that an administrator would
be locked out of a system.  If it is a remote system, say a data
center on the other side of the world, then this could be a big
hardship to impose upon us.  Having the ability to log in as root,
even if you feel the need to change the password afterward, is a huge
safety net.

1. Always use an unguessable password for all accounts, root or
   otherwise.
2. Having a login, root or otherwise, available for encrypted (and
   therefore unsniffable) remote login (such as using ssh) is not a
   security hole.

If anyone thinks the second rule is a problem then they must be
violating the first rule.  And of course if the password can be
observed at any point then the strength of it is irrelevant.

I always use and recommend ssh rsa keys.  They are safer than
passwords.  They are more convenient than passwords.  If you avoid
using a password then it reduces the chances for a password to be
compromised.

Bob
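The distinction Bob draws between a checker that flags any dictionary word in the plaintext and one that estimates what an attacker actually has to do, as an added example written for this page (not code from the thread or from any real password plugin). It contrasts a naive substring check with a guess-count estimate that only credits dictionary words of three or more characters, and costs the rest as brute force. The word list, the assumed attacker dictionary size (DICT_SIZE), the online guess rate and the x2 factor per capitalised word are all assumptions made for the example:

```python
import string

# Constructed word list for the example; a real checker would load
# something like /usr/share/dict/words.
WORDS = {"a", "allow", "root", "logins", "login", "now", "password", "debian"}

# Assumed size of the attacker's dictionary when costing a word token
# (an assumption for the example, not a figure from the thread).
DICT_SIZE = 100_000
MIN_WORD_LEN = 3  # a single letter such as "a" is not worth a dictionary guess


def naive_dictionary_check(pw):
    """The plaintext check the post complains about: report every dictionary
    word that appears anywhere in the password, regardless of length."""
    low = pw.lower()
    return sorted(w for w in WORDS if w in low)


def charset_size(s):
    """Size of the smallest standard character class set covering s."""
    size = 0
    if any(c.islower() for c in s):
        size += 26
    if any(c.isupper() for c in s):
        size += 26
    if any(c.isdigit() for c in s):
        size += 10
    if any(c in string.punctuation for c in s):
        size += len(string.punctuation)  # 32 ASCII punctuation characters
    return size


def brute_force_guesses(pw):
    """Keyspace an attacker must cover with no knowledge of structure."""
    return charset_size(pw) ** len(pw)


def tokenize(pw):
    """Greedy left-to-right split: at each position take the longest
    dictionary word of at least MIN_WORD_LEN characters, else one literal."""
    tokens = []
    low = pw.lower()
    i = 0
    while i < len(pw):
        end = None
        for j in range(len(pw), i + MIN_WORD_LEN - 1, -1):
            if low[i:j] in WORDS:
                end = j
                break
        if end is not None:
            tokens.append(("word", pw[i:end]))
            i = end
        else:
            tokens.append(("char", pw[i]))
            i += 1
    return tokens


def dictionary_aware_guesses(pw):
    """Cost each word token at DICT_SIZE guesses (x2 if it is not all
    lower case, a crude stand-in for case-mangling rules) and the literal
    characters as a brute-force run over their own character set."""
    tokens = tokenize(pw)
    guesses = 1
    for kind, text in tokens:
        if kind == "word":
            guesses *= DICT_SIZE
            if text != text.lower():
                guesses *= 2
    literal = "".join(text for kind, text in tokens if kind == "char")
    if literal:
        guesses *= charset_size(literal) ** len(literal)
    return guesses


def years_to_crack(guesses, rate=10):
    """Expected time for an online attack at `rate` guesses/second
    (assumed; a rate-limited sshd is in this range), covering half
    the keyspace on average."""
    return guesses / 2 / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("a1Sith4x", "Allow*12Root(Logins)NOW!"):
        print(pw)
        print("  naive plaintext check flags:", naive_dictionary_check(pw))
        print("  brute-force guesses:        %.3g" % brute_force_guesses(pw))
        print("  dictionary-aware guesses:   %.3g" % dictionary_aware_guesses(pw))
        print("  years online @10/s:         %.3g" % years_to_crack(dictionary_aware_guesses(pw)))
```

Running it shows the trap: the naive check rejects "a1Sith4x" because of the letter "a", while the guess estimate for it is the full 62^8 keyspace, since no usable word was found. Brian's passphrase keeps an astronomically large count even after its four words are credited as dictionary guesses, which is the point that the whole thing has to be guessed at once.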
