Heads up - Anaconda 22.17 will enforce 'good' passwords

Fri Jan 30 19:59:12 UTC 2015

On Fri, Jan 30, 2015 at 9:54 AM, Kevin Fenzi <kevin at scrye.com> wrote:
> On Fri, 30 Jan 2015 22:11:12 +0530
> Sudhir Khanger <ml at sudhirkhanger.com> wrote:
>
>> On Thursday, January 29, 2015 01:30:11 PM David Lehman wrote:
>> > Pick a single "strong" password that you can remember and use it
>> > for all of them. Pretty easy, really.
>>
>> It's not my memory but its my fingers. I will have to enter a long
>> password over and over again for no real reasons.
>
> Well, thats not entirely true... the reason is so that all those people
> who actually use the thing you are testing have more secure passwords.

ATMs have rate and retry limits, among other mechanisms, to permit a 4
digit numeric PIN being adequately secure. Does Fedora have limits on
rate and retries? If not, why not?

User who want or need more secure passwords can always opt in without
affect anyone else. Why is the project's installer not merely
questioning the user's veracity and competency, but disallowing them,
by force, from doing what they think is in their best interest?

What is the plan should no one care to harden Fedora security in other
ways? 16 character passwords are next? The diceware minimum
recommended passphrase is made of 5 words. If the project cares so
much about other people's minimum acceptable security that it's
willing to enforce this under duress, why not make it actually
meaningful? Oh, because a 20 character passphrase being compulsory
might actually make too many users angry for suggesting their
passwords are shit.

> apg (along with many other things) can generate you a list of passwords
> and 'pwscore' can make sure they will pass the same tests anaconda
> would give them.
>
> IMHO, this isn't so big a deal.

And apg and pwscore are going to be integrated into the Anaconda GUI?
Or will the GUI simply be an enforcer while providing zero assistance
in selecting an appropriate password? What feedback will the user be
given so they understand what exact change in behavior they need to
make?

Have you actually played with pwscore?

# pwscore root
shrkobtk
1
# pwscore root
tableprison
41
# pwscore root
inforats
Password quality check failed:
 The password fails the dictionary check - it is based on a dictionary word

This defies belief. Random scores lowest. Two dictionary words scores
average. A dictionary word fragment and a plural noun is disqualified.
Ridiculous.

> I'll have to change my throw away
> instance test password from 'abc123' to something like 'tacosyum99'
> Shrug.

You fail to understand the can of worms opened up by this. My trust in
Fedora is diminished because of the theatrics and indiscriminately
shifting this burden onto all users. The arguments in favor thus far
are demonstrably specious, so there must be some other explanation for
why the change is being made.

How insecure is Fedora compared to other platforms, or even other
distributions? Where's the assessment? Are successful brute force
attacks being made on Fedora systems in the wild? And instead of those
particular systems and use cases having stronger passwords, everyone
needs to have them by force? And two more characters totalling maybe a
scant 10 bits of additional entropy really has a meaningful change of
thwarting those brute force attacks? What's the actual, real world,
non-imaginary impetus behind the change?

I see hand waiving, and I see dog shit in a bag with sparklers on it.
It looks impressive and useful, but inside it's just crap.

-- 
Chris Murphy