FESCO request to revert password confirmation change in F22

Björn Persson Bjorn at xn--rombobjrn-67a.se
Fri Mar 6 22:01:50 UTC 2015

Michael Catanzaro wrote:
> If the attacker is unskilled and doesn't know how to boot a live image,

or if the attacker snuck into your room when you left it to fetch some
coffee, and needs to unlock your console, implant a backdoor and sneak
back out before you return, or otherwise can't reboot your computer
because you would notice it,

> and the password is *exceedingly* bad ("123", "alice", "mcatanzaro"
> etc.), then it would matter if the attacker could guess it. I personally
> see little harm in taking the ball away from those who'd use passwords
> like those.
> Possibly there is something I have missed -- if someone can set me
> straight as to a safety issue I am missing, that'd be dandy -- but I for
> one have yet to see an argument that the strength of the password
> matters at all!

In the previous paragraph you wrote that it does matter. It seems that
what you're actually arguing is that the threshold should be very low.

Björn Persson