Mailinglist Archive: opensuse-factory (905 mails)
| < Previous | Next > |
Re: [opensuse-factory] openSUSE updater broken
- From: Jan Ritzerfeld <suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 2 Jun 2008 21:52:42 +0200
- Message-id: <200806022152.42825.suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Am Sonntag, 1. Juni 2008 schrieb Boyd Lynn Gerber:
I had such a gpg file some years ago. However, preventing the decrypted
passwords from leaking is not that easy, think about /tmp and swap.
The more users your system has, the stronger the root password must be
(sounds like Yoda speech, doesn't it?). If a system has one user only,
breaking the root password will have much less impact. Then, the problem is
reduced to the necessity of reinstalling a compromised system instead of
just cleaning up the home directory.
In general, I want to prevent both my system and my personal data. So, the
my user password should not be much less stronger than the root password.
Choosing two different but equally strong passwords for the same purpose
(and system!) seems to me at least superfluous.
Gruß
Jan
--
One of the few rules of evolution is that extreme specialization results in
eventual extinction.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
[...]
I have a file on my computer that is gpg encrypted with the passwords for
my 400+ logins. There just is no way to remember that many passwords.
I had such a gpg file some years ago. However, preventing the decrypted
passwords from leaking is not that easy, think about /tmp and swap.
That is why I use password phases for ssh logins and disable password
logins on my machines. So I understand this very well. But I really
feel that root and the admin need strong passwords.
The more users your system has, the stronger the root password must be
(sounds like Yoda speech, doesn't it?). If a system has one user only,
breaking the root password will have much less impact. Then, the problem is
reduced to the necessity of reinstalling a compromised system instead of
just cleaning up the home directory.
In general, I want to prevent both my system and my personal data. So, the
my user password should not be much less stronger than the root password.
Choosing two different but equally strong passwords for the same purpose
(and system!) seems to me at least superfluous.
Gruß
Jan
--
One of the few rules of evolution is that extreme specialization results in
eventual extinction.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |