FESCO request to revert password confirmation change in F22
Bjorn at xn--rombobjrn-67a.se
Fri Mar 6 22:01:50 UTC 2015
Michael Catanzaro wrote:
> If the attacker is unskilled and doesn't know how to boot a live image,
or if the attacker snuck into your room when you left it to fetch some
coffee, and needs to unlock your console, implant a backdoor and sneak
back out before you return, or otherwise can't reboot your computer
because you would notice it,
> and the password is *exceedingly* bad ("123", "alice", "mcatanzaro"
> etc.), then it would matter if the attacker could guess it. I personally
> see little harm in taking the ball away from those who'd use passwords
> like those.
> Possibly there is something I have missed -- if someone can set me
> straight as to a safety issue I am missing, that'd be dandy -- but I for
> one have yet to see an argument that the strength of the password
> matters at all!
In the previous paragraph you wrote that it does matter. It seems that
what you're actually arguing is that the threshold should be very low.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: OpenPGP digital signatur
More information about the devel