Torvalds:requiring root password for mundane things is moronic

Chris Murphy lists at colorremedies.com
Wed Mar 7 21:21:26 UTC 2012



On Mar 7, 2012, at 6:29 AM, Miloslav Trmač wrote:
> 
> UNIX didn't have these defaults originally; they were added in the
> 90's only after real-world experience has shown that these policies
> are necessary (and they have been pretty much unchanged for the last
> 10-15 years, AFAIK). 

It's a philosophical conversation that's probably out of scope for this list, but this amounts to baby sitting stupid people. The first thing such a person must accept as true, is that it's necessary to parent morons by second guessing their choices. I think that in and of itself is radically moronic. It says it's OK for complete strangers to hassle other people about their passwords, not even knowing the context.  It's a shake down, and it's how we've arrived at an INSANE password paradigm where we routinely can't choose long memorable passwords, and are instead often forced to choose short 12-15 character passwords that mandate a certain quantity of numerical and special characters. They're difficult to remember, ensuring it will be written down, likely in some unencrypted file, and actually increases the statistical likelihood of a compromise.

> 
> (and FWIW, regarding the "hullop130" password, a quick grep shows that
> "hullo" is in the dictionary, and cracklib may have additional rules
> or ways to arrive at the password from a different dictionary word).


Ok so in other words, this is a 5 year old baby sitter and is marginally competent at the intended task from the outset. I get a time to crack between 101 seconds and 32000 years. The computer in question is used only for testing. The single drive was wiped using the ATA ESE command before I started, so there literally is nothing useful on this computer, but setting the password was like getting sand in body orifices.

I su'd to root and changed the password to hello, and now I feel much better.


Chris Murphy


More information about the devel mailing list