FESCO request to revert password confirmation change in F22

Björn Persson Bjorn at xn--rombobjrn-67a.se
Sat Mar 7 15:41:45 UTC 2015


Michael Catanzaro wrote:
> On Fri, 2015-03-06 at 19:25 -0500, Miloslav Trmač wrote:
> > The way we deploy LUKS, a single password guess takes one second on comparable hardware, so the fuzz factor is not actually as large as it might seem.
> 
> Wow, I had no clue it was that good. OK, so making one guess at the user
> account password every ~three seconds would not be an unreasonable
> attack, once you've stolen the computer, given how slow it would be to
> attack LUKS. I had incorrectly assumed that the difference in speed
> would be orders of magnitude.
> 
> Still, this is not a realistic threat for most users, and it would take
> forever to attack either way, so this really just convinces me that I
> can be safe with a much weaker disk encryption password than I had
> previously imagined. :)

Don't forget that an attack on the disk encryption can be parallelized,
while attempts to unlock the console can not.

Björn Persson