On Wed, February 4, 2015 17:16, Lamar Owen wrote:. > > Now, I have seen this happen, on a system in the wild, where the very > first thing the attacker did was grab a copy of /etc/shadow, even with > an interactive reverse shell and root access being had. So even when > you recover your system from the compromise you have the risk of all > those passwords being known, and unfortunately people have a habit of > using the same password on more than one system. > > Further, lists of usernames and passwords have market value. > And the arbitrary change made to Anaconda deals with this difficulty how, exactly? Look, I am neither for nor against setting arbitrary standards for user-passwords. In fact, his is what I do to generate system passwords: cat /proc/sys/kernel/random/entropy_avail 3459 openssl enc -base64 <<< $(head -c 32 /dev/random) | \ sed 's/\(....\)/\1:/g; s/.$//' BuRd:f8qU:yY8M:pbtO:uDlw:D53k:whW+:eJtC:z8Tc:4zlo:hiIK and discard the ':' which I provide simply to make it easier for me to read and type the damn things (once). My belief is that trust in such passwords is totally misplaced. However, if such things makes you feel comfortable (like avoiding crossing paths with a black cat or walking under ladders) then that is your affair and who am I to disagree with your choice. The change to Anaconda is not an issue because of what it is but for how it was done; arbitrarily, without community input, and without consideration of other points of view. That arrogant act was then excused under the rubric of 'increased security'. It that part which irritates me. My indulgence in raising this issue at all is to highlight the inappropriate responses that the human desire to do 'something', 'anything', no matter how pointless, so often trump considered reflective contemplation of the problems and what options are available to deal with them. I am tired of reading of so much wasteful nonsense being excused under the general heading of 'security'. And so I call people out on it now. Prove to me that any increase of cost imposed on me by your decision actually improves my security to a degree that the benefit is measurably greater than the cost. And DO NOT discount my time as having no value. If you cannot prove that then just b*gger *ff. I may have to put up with that crap for want of any viable alternative but, I am not going to nod sagely and pretend that I agree just because currently that is the socially acceptable way of receiving such professions of belief. It is BS. It has always been BS. And it will always be BS. There are no secure methods of public communication. One can only attempt to increase the expense of surveillance to the point where the value of the information received is less than the cost of getting it. If someone values it highly enough then no amount of expense is going to dissuade them and they will have it, eventually. If the cost of surveillance is cheap enough then everything will be surveyed and everyone will have access to your information. But surely, it is the choice of the parties owning the information to decide how much value it has and exactly how much expense is justified in protecting it? Access to computer systems has to considered from the point of view of eventual compromise. Is not if, it is when, you are compromised. The critical considerations are: how will you detect it; how much penetration will result from each potential point of entry before it is detected; and how much effort will it take to recover? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3