FESCO request to revert password confirmation change in F22
Miloslav Trmač
mitr at redhat.com
Sat Mar 7 00:25:53 UTC 2015
> On Fri, 2015-03-06 at 12:00 -0700, Kevin Fenzi wrote:
> > * The workstation folks think this change could drive away some of
> > their potential users for not much gain. In their case, sshd is not
> > enabled/running and additional security for a device that sits in
> > your home isn't worth the additional complexity.
>
> Regarding Workstation: I don't think it provides any additional safety,
> TBH. I see two cases:
>
> * Case 1: The attacker has physical access to your computer. The user
> account password is no protection: I think pretty much all of us know
> how to boot a live image and copy files off the disk that way. A BIOS
> password would actually help somewhat, to delay the attacker as long as
> it takes the attacker to drain your battery to reset it. A disk
> encryption password would be real security.
No, the real security is actually the minimum of (disk encryption password)*fuzz, (user account/screen lock password); with a fuzz factor accounting for the fact that disk encryption password can be broken off-line, at full speed, farming it out to thousands of machines, but a screen lock password needs to be typed (or perhaps brute-forced using a keyboard-mimicking USB device, still slower than full speed, and restricted to one guess at a time). The way we deploy LUKS, a single password guess takes one second on a comparable hardware, so the fuzz factor is not actually as large as it might seem.
The screen lock password still matters, though it does not need to be as strong as the disk encryption password.
Mirek
More information about the devel
mailing list