[CentOS] Fedora change that will probably affect RHEL

Wed Jul 29 02:50:19 UTC 2015
Chris Murphy <lists at colorremedies.com>

On Tue, Jul 28, 2015 at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote:
> On Jul 28, 2015, at 4:37 PM, Nathan Duehr <denverpilot at me.com> wrote:

>> Equating this to “vaccination” is a huge stretch.
>
> Why?

It's not just an imperfect analogy it really doesn't work on closer scrutiny.

Malware itself is not a good analog to antigens. Vaccinations provide
immunity to only certain kinds of antigens, and only specific ones at
that. Challenge-Response, which is what a login password is, is about
user authentication it is not at all meant or designed to provide
immunity from malware. That we're trying to use it to prevent
infections is more like putting ourselves into bubbles; and humans put
into bubbles for this reason are called immune compromised.

So this push to depend on stronger passwords just exposes how "immune
compromised" we are in these dark ages of computer security. There are
overwhelmingly worse side effects of password dependency than
immunization. The very fact SSH PKA by default is even on the table in
some discussions demonstrates the level of crap passwords are at.

Software patches, SELinux and AppArmor are closer analogs to certain
aspects of human immunity, but even that is an imperfect comparison.

And also, a large percent of malware doesn't even depend on brute
force password attacks. There are all kinds of other ways to
compromise computers, create botnets, that don't depend on passwords
at all. So vaccinations  have something like 95% efficacy, while
passwords alone have nothing close to this effectiveness against
malware.



-- 
Chris Murphy