FESCO request to revert password confirmation change in F22
mcatanzaro at gnome.org
Fri Mar 6 23:55:49 UTC 2015
On Fri, 2015-03-06 at 23:01 +0100, Björn Persson wrote:
> or if the attacker snuck into your room when you left it to fetch some
> coffee, and needs to unlock your console, implant a backdoor and sneak
> back out before you return, or otherwise can't reboot your computer
> because you would notice it,
Well... yes, I suppose if you've left your computer on and locked, and
the attacker wants to make sure you do not notice the reboot, or wants
to get a RAM dump that would be lost when shut down (e.g. for my
gnome-keyring passwords), then there is some benefit, but to a quite
limited extent IMO: the attacker is still limited by the speed at which
PAM and gdm allow you to try logging in. Every guess takes something
like three seconds. So I think a weak password suffices.
> In the previous paragraph you wrote that it does matter. It seems that
> what you're actually arguing is that the threshold should be very low.
Personally, I'd be fine with the password strength check if the
threshold was very low, but my proposed threshold is *way* lower than
libpwquality can be configured to accept. Different thresholds could
make sense for different products. Obviously many other folks want it
Changing libpwquality would be quite desirable so we can close the
upstream bugs in gnome-control-center and gnome-initial-setup.
More information about the devel