On 02/05/2015 12:36 PM, Brian C. Lane wrote:
Next to impossible? Really? I've found it easy to come up with passwords
that work. We even report libpwquality's reason for any failures.
I tried it today with the images built for anaconda dnf test day [1]. The
results are very much different,
On 02/12/2015 04:19 AM, Kamil Paral wrote:
On 02/05/2015 12:36 PM, Brian C. Lane wrote:
Next to impossible? Really? I've found it easy to come up with passwords
that work. We even report libpwquality's reason for any failures.
I tried it today with the images built for anaconda dnf test day
A ticket has been opened with FESCo.
https://fedorahosted.org/fesco/ticket/1412
--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
--
test mailing list
test@lists.fedoraproject.org
To unsubscribe:
Hi
On Wed, Jan 28, 2015 at 11:53 AM, Brian C. Lane wrote:
This Friday's build of Anaconda will no longer allow you to use weak
passwords and click done twice. In order to promote more secureish
default systems I have increased the password length required to 8
characters and removed
On Thu, Feb 05, 2015 at 03:03:50PM -0800, Rick Stevens wrote:
I have to agree with Chris. I have absolutely no issue with the
installer _warning_ me that the password I chose is (in the INSTALLER's
opinion) weak. The installer should ABSOLUTELY NOT force me to use some
arbitrarily obscure
On Thu, Feb 05, 2015 at 09:53:30AM +0100, Matthias Clasen wrote:
On Mon, 2015-02-02 at 18:38 -0500, David Cantrell wrote:
On Sun, Feb 01, 2015 at 09:53:05PM -0500, Matthias Clasen wrote:
On Fri, 2015-01-30 at 14:03 -0800, Adam Williamson wrote:
I think the main point is the one nirik
On Thu, Feb 05, 2015 at 12:53:45PM -0700, Chris Murphy wrote:
On Thu, Feb 5, 2015 at 10:36 AM, Brian C. Lane b...@redhat.com wrote:
Next to impossible? Really? I've found it easy to come up with passwords
that work.
You think this is easy. Others don't. It's a condescending,
pointless,
@lists.fedoraproject.org
Sent: Thursday, February 5, 2015 4:03 PM
Subject: Re: Heads up - Anaconda 22.17 will enforce 'good' passwords
On 02/05/2015 12:36 PM, Brian C. Lane wrote:
Next to impossible? Really? I've found it easy to come up with passwords
that work. We even report libpwquality's reason
On 02/05/2015 01:27 PM, Scott Robbins wrote:
On Thu, Feb 05, 2015 at 12:53:45PM -0700, Chris Murphy wrote:
On Thu, Feb 5, 2015 at 10:36 AM, Brian C. Lane b...@redhat.com wrote:
Next to impossible? Really? I've found it easy to come up with passwords
that work.
You think this is easy. Others
On Thu, 2015-02-05 at 13:59 -0500, Felix Miata wrote:
Brian C. Lane composed on 2015-02-05 09:36 (UTC-0800):
We should be
encouraging them to choose stronger passwords and we should
remember that we're not the only people running Fedora.
BIG difference between encouraging, and
On Thu, Feb 05, 2015 at 10:47:44AM -0500, David Cantrell wrote:
On Thu, Feb 05, 2015 at 09:53:30AM +0100, Matthias Clasen wrote:
On Mon, 2015-02-02 at 18:38 -0500, David Cantrell wrote:
On Sun, Feb 01, 2015 at 09:53:05PM -0500, Matthias Clasen wrote:
On Fri, 2015-01-30 at 14:03 -0800,
Matthias Clasen mclasen at redhat.com writes:
Let me ask now, then: can we make the change to reject 'weak' passwords
specific to only those products that enable sshd by default, please ?
If the only concern is remote attacks, I'd like to see someone answer the
earlier question about whether
Brian C. Lane composed on 2015-02-05 09:36 (UTC-0800):
We should be
encouraging them to choose stronger passwords and we should remember
that we're not the only people running Fedora.
BIG difference between encouraging, and paternalistic forcing. Forcing is
what happens to slaves and
On Sun, Feb 01, 2015 at 09:53:05PM -0500, Matthias Clasen wrote:
On Fri, 2015-01-30 at 14:03 -0800, Adam Williamson wrote:
I think the main point is the one nirik made; I don't think the devs
agree with your assessment of how significant this is. It's a minor
inconvenience; you just
On Sat, 2015-01-31 at 21:21 -0500, Richard Ryniker wrote:
Recapitulation:
A security problem was recognized because the ssh daemon is enabled
by default on Fedora systems: with a weak root password, a remote
attacker might easily obtain unlimited access.
This is not quite correct; it
we also have no data about the prevalence of weak passwords or attacks
on default-configured Fedora systems
On my firewall system, /var/log/secure is larger than 300 megabytes
(less than one month of data), most of it reports of failed login
attempts to root. I am very careful about passwords on
On Fri, 2015-01-30 at 14:03 -0800, Adam Williamson wrote:
I think the main point is the one nirik made; I don't think the devs
agree with your assessment of how significant this is. It's a minor
inconvenience; you just have to come up with a password that passes
the check, or use a
Recapitulation:
A security problem was recognized because the ssh daemon is enabled by
default on Fedora systems: with a weak root password, a remote attacker
might easily obtain unlimited access.
The direct solution would seem to be a change to the ssh daemon to
prohibit root login in its
On Sat, Jan 31, 2015 at 09:21:45PM -0500, Richard Ryniker wrote:
Recapitulation:
A security problem was recognized because the ssh daemon is enabled by
default on Fedora systems: with a weak root password, a remote attacker
might easily obtain unlimited access.
The direct solution would
On Fri, 30 Jan 2015 22:11:12 +0530
Sudhir Khanger m...@sudhirkhanger.com wrote:
On Thursday, January 29, 2015 01:30:11 PM David Lehman wrote:
Pick a single strong password that you can remember and use it
for all of them. Pretty easy, really.
It's not my memory but it's my fingers. I will
On Thursday, January 29, 2015 01:30:11 PM David Lehman wrote:
Pick a single strong password that you can remember and use it for all
of them. Pretty easy, really.
It's not my memory but it's my fingers. I will have to enter a long password
over and over again for no real reasons.
--
Regards,
On Fri, Jan 30, 2015 at 1:13 PM, Kevin Fenzi ke...@scrye.com wrote:
Just FYI, this will likely be my last post to this thread.
On Fri, 30 Jan 2015 12:59:12 -0700
Chris Murphy li...@colorremedies.com wrote:
Users who want or need more secure passwords can always opt in without
affecting anyone
On Fri, Jan 30, 2015 at 2:49 PM, Chris Murphy li...@colorremedies.com wrote:
its
devices without passwords are regularly used on public encrypted wifi
and the world is not ending.
Oops, that should be non-encrypted.
--
Chris Murphy
On Fri, 2015-01-30 at 13:13 -0700, Kevin Fenzi wrote:
Because you cannot just say This is some decision, I know whatever I
do will have good and bad tradeoffs, therefore, I will just not decide
and expose all the possible choices to the user. That's just not
tenable.
That is exactly what
On Fri, 2015-01-30 at 14:49 -0700, Chris Murphy wrote:
I just don't see any consideration here except specious statements
like better security is always a plus. That was the summary extent
of the entire decision making process.
Well, no, AFAICS there isn't anything like that. It was a
On Fri, 2015-01-30 at 08:05 -0600, Chris Adams wrote:
This change was _announced_ here, not discussed (and some responses
make it sound like it is not open to discussion). There was no real
justification for the change in the announcement, except for a vague
better security bit. That
On Fri, 2015-01-30 at 12:59 -0700, Chris Murphy wrote:
What's the actual, real world,
non-imaginary impetus behind the change?
It's exactly what all the list posts I pointed you to say it is. I
don't know how to stop the conspiracy virus which causes people to
leap to the conclusion that
On Fri, Jan 30, 2015 at 01:13:47PM -0700, Kevin Fenzi wrote:
Just FYI, this will likely be my last post to this thread.
I think most people think it's not such a big deal and cannot see why
you are so stridently affected by it.
With all due respect, I think that several others, including
On Fri, 2015-01-30 at 16:08 -0500, Scott Robbins wrote:
On Fri, Jan 30, 2015 at 01:13:47PM -0700, Kevin Fenzi wrote:
Just FYI, this will likely be my last post to this thread.
I think most people think it's not such a big deal and cannot see
why you are so stridently affected by it.
On Fri, Jan 30, 2015 at 1:21 PM, Adam Williamson
adamw...@fedoraproject.org wrote:
On Fri, 2015-01-30 at 12:59 -0700, Chris Murphy wrote:
What's the actual, real world,
non-imaginary impetus behind the change?
It's exactly what all the list posts I pointed you to say it is.
Please go find
On 01/30/2015 12:21 PM, Adam Williamson wrote:
On Fri, 2015-01-30 at 12:59 -0700, Chris Murphy wrote:
What's the actual, real world,
non-imaginary impetus behind the change?
It's exactly what all the list posts I pointed you to say it is. I
don't know how to stop the conspiracy virus which
On Friday, January 30, 2015 04:08:19 PM Scott Robbins wrote:
On Fri, Jan 30, 2015 at 01:13:47PM -0700, Kevin Fenzi wrote:
Just FYI, this will likely be my last post to this thread.
I think most people think it's not such a big deal and cannot see why
you are so stridently affected by it.
On Fri, Jan 30, 2015 at 12:54:22PM -0800, Rick Stevens wrote:
If I wanted to be led by the nose, restricted in what I can do and
nannied constantly, I'd use Windows or a freaking Mac. Sheesh!
Errm, no, they let you choose the password.
Heh, could be a new advertising slogan. YOU choose
If you like your password you can keep it. Period.
Otherwise write it down as in War Games
--
Chuck Forsberg WA7KGX c...@omen.com www.omen.com
Developer of Industrial ZMODEM(Tm) for Embedded Applications
Omen Technology Inc The High Reliability Software
10255 NW Old
On Fri, Jan 30, 2015 at 9:54 AM, Kevin Fenzi ke...@scrye.com wrote:
On Fri, 30 Jan 2015 22:11:12 +0530
Sudhir Khanger m...@sudhirkhanger.com wrote:
On Thursday, January 29, 2015 01:30:11 PM David Lehman wrote:
Pick a single strong password that you can remember and use it
for all of them.
Just FYI, this will likely be my last post to this thread.
On Fri, 30 Jan 2015 12:59:12 -0700
Chris Murphy li...@colorremedies.com wrote:
ATMs have rate and retry limits, among other mechanisms, to permit a 4
digit numeric PIN being adequately secure. Does Fedora have limits on
rate and
On Friday, January 30, 2015 09:54:00 AM Kevin Fenzi wrote:
IMHO, this isn't so big a deal. I'll have to change my throw away
instance test password from 'abc123' to something like 'tacosyum99'
Shrug.
I agree. It is surely not a big deal but the logic behind it is a little weak
and
On Fri, Jan 30, 2015 at 3:03 PM, Adam Williamson
adamw...@fedoraproject.org wrote:
On Fri, 2015-01-30 at 14:49 -0700, Chris Murphy wrote:
I just don't see any consideration here except specious statements
like better security is always a plus. That was the summary extent
of the entire
Once upon a time, Adam Williamson adamw...@fedoraproject.org said:
There's no policy (AFAIK) on what is and is not a Change. FESCo has
the power to effectively declare something to be a Change (and thus
subject to review and so forth) if it decides to do so, but there's
nothing beyond that.
On 01/29/2015 06:30 PM, Scott Robbins wrote:
On Thu, Jan 29, 2015 at 01:37:39PM +0100, Jos Vos wrote:
On Thu, Jan 29, 2015 at 12:56:56AM +, Sérgio Basto wrote:
+1, I'm against enforcing 'good' passwords, it is pretty clear, double
click if you want to have an insecure password and system.
On 01/29/2015 05:59 PM, Sudhir Khanger wrote:
On Wednesday, January 28, 2015 08:53:42 AM Brian C. Lane wrote:
This Friday's build of Anaconda will no longer allow you to use weak
passwords and click done twice. In order to promote more secureish
default systems I have increased the password
On Thu, Jan 29, 2015 at 01:37:39PM +0100, Jos Vos wrote:
On Thu, Jan 29, 2015 at 12:56:56AM +, Sérgio Basto wrote:
+1, I'm against enforcing 'good' passwords, it is pretty clear, double
click if you want to have an insecure password and system.
+1, enforcing will create lots of
On Wednesday, January 28, 2015 08:53:42 AM Brian C. Lane wrote:
This Friday's build of Anaconda will no longer allow you to use weak
passwords and click done twice. In order to promote more secureish
default systems I have increased the password length required to 8
characters and removed
On Thu, Jan 29, 2015 at 12:56:56AM +, Sérgio Basto wrote:
+1, I'm against enforcing 'good' passwords, it is pretty clear, double
click if you want to have an insecure password and system.
+1, enforcing will create lots of frustrations for people often creating
internal test systems, etc. A
On 01/29/2015 06:29 AM, Sudhir Khanger wrote:
On Wednesday, January 28, 2015 08:53:42 AM Brian C. Lane wrote:
This Friday's build of Anaconda will no longer allow you to use weak
passwords and click done twice. In order to promote more secureish
default systems I have increased the password
On Thu, Jan 29, 2015 at 2:23 PM, Adam Williamson
adamw...@fedoraproject.org wrote:
Seriously. Stop this. I have already asked people to stop assigning
negative motivations to others without due cause. This is not being
excellent to each other.
Your user password for your computer is
On Thu, 2015-01-29 at 14:01 -0700, Chris Murphy wrote:
On Wed, Jan 28, 2015 at 5:33 PM, Samuel Sieb sam...@sieb.net wrote:
I just don't understand the reasoning here. Sure, make it very
clear that
the chosen password is weak. Make me jump through several hoops
before accepting the
On Thu, Jan 29, 2015 at 4:32 PM, Adam Williamson
adamw...@fedoraproject.org wrote:
On Thu, 2015-01-29 at 16:24 -0700, Chris Murphy wrote:
It's not actually something that is part of the Change's scope,
but an alternative way to try and achieve the same goal: the
overall thought process was
On Thu, Jan 29, 2015 at 3:18 PM, Adam Williamson
adamw...@fedoraproject.org wrote:
On Thu, 2015-01-29 at 15:09 -0700, Chris Murphy wrote:
On Thu, Jan 29, 2015 at 2:23 PM, Adam Williamson
adamw...@fedoraproject.org wrote:
Seriously. Stop this. I have already asked people to stop
assigning
Once upon a time, Adam Williamson adamw...@fedoraproject.org said:
It's not actually something that is part of the Change's scope, but an
alternative way to try and achieve the same goal: the overall thought
process was well, what the Change proposer really wants is to reduce
the likelihood
Chris Murphy lists at colorremedies.com writes:
If this is really an improvement in security, which it isn't because
an 8 character good password still has very low entropy, then it
It depends - if the only concern is remote access, and there is a limit on
the number of login attempts (either
On Thu, 2015-01-29 at 19:55 -0600, Chris Adams wrote:
Once upon a time, Adam Williamson adamw...@fedoraproject.org said:
It's not actually something that is part of the Change's scope,
but an alternative way to try and achieve the same goal: the
overall thought process was well, what the
On Thu, Jan 29, 2015 at 7:23 PM, Adam Williamson
adamw...@fedoraproject.org wrote:
And as I said to otherChris, 'without open
discussion' is just plainly false. There's a ton of 'open discussion',
spread across three mailing lists.
That's confused. On devel@ the discussion was about the
Adam Williamson composed on 2015-01-29 18:23 (UTC-0800):
You could also, of course, wait more than
one lousy day to give the devs a chance to reply before whipping up a
storm of righteous indignation, but so often that seems too much to
ask?
I wonder if a point of Brian's OP was to gauge
On 01/29/2015 11:04 PM, Rejy M Cyriac wrote:
On 01/30/2015 01:00 AM, David Lehman wrote:
On 01/29/2015 06:29 AM, Sudhir Khanger wrote:
On Wednesday, January 28, 2015 08:53:42 AM Brian C. Lane
wrote:
This Friday's build of Anaconda will no longer
On Thu, 2015-01-29 at 16:24 -0700, Chris Murphy wrote:
It's not actually something that is part of the Change's scope,
but an alternative way to try and achieve the same goal: the
overall thought process was well, what the Change proposer really
wants is to reduce the likelihood of
Super simple passwords will no longer be allowed... increased security is
worth it.
No, you just made installation more bothersome - the user will then have
to set the passwords he wants after installation is complete. It is good
to warn about a weak password, but I feel I know better than you
On Wed, Jan 28, 2015 at 08:53:42 -0800,
Brian C. Lane b...@redhat.com wrote:
I *know* this is going to be a bit of a pain to get used to. But the
increased security is worth it. Super simple passwords will no longer be
allowed, but it is still easy to come up with one that passes the
checks.
Chris Murphy composed on 2015-01-28 16:05 (UTC-0700):
Brian C. Lane wrote:
I *know* this is going to be a bit of a pain to get used to. But the
Much more than just a bit on a maintainer of multi multiboot systems. If
this actually makes it in and stays through F22 release, it'll be yet
On 01/28/2015 06:54 PM, Adam Williamson wrote:
It was done as a follow-up / alternative to this Change proposal:
https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no
a lot of the reaction to that was along the lines of 'well, why not
just make sure the root password is secure', and
On Wed, 2015-01-28 at 19:29 -0500, Samuel Sieb wrote:
On 01/28/2015 06:54 PM, Adam Williamson wrote:
a lot of the reaction to that was along the lines of 'well, why
not just make sure the root password is secure', and that got
picked up by anaconda folks. You can follow the discussion in
On 01/29/15 00:53, Brian C. Lane wrote:
This Friday's build of Anaconda will no longer allow you to use weak
passwords and click done twice. In order to promote more secureish
default systems I have increased the password length required to 8
characters and removed allowing weak (as defined by
On Wed, Jan 28, 2015 at 4:17 PM, Adam Williamson
adamw...@fedoraproject.org wrote:
Note that just last release, I managed to get g-i-s changed to allow
'weak' passwords with a warning, in order to be consistent with
anaconda and initial-setup...so now it'll have to get changed back
again.
I
On Thu, 2015-01-29 at 07:41 +0800, Ed Greshko wrote:
On 01/29/15 00:53, Brian C. Lane wrote:
This Friday's build of Anaconda will no longer allow you to use
weak passwords and click done twice. In order to promote more
secureish default systems I have increased the password length
On 01/28/2015 06:54 PM, Adam Williamson wrote:
a lot of the reaction to that was along the lines of 'well, why not
just make sure the root password is secure', and that got picked up by
anaconda folks. You can follow the discussion in the devel@ and
anaconda-devel-list archives.
Is it just the
On Qua, 2015-01-28 at 16:05 -0700, Chris Murphy wrote:
On Wed, Jan 28, 2015 at 9:53 AM, Brian C. Lane b...@redhat.com wrote:
I *know* this is going to be a bit of a pain to get used to. But the
increased security is worth it. Super simple passwords will no longer be
allowed, but it is
drago01 drago01 at gmail.com writes:
On Wed, Jan 28, 2015 at 5:53 PM, Brian C. Lane bcl at redhat.com wrote:
I *know* this is going to be a bit of a pain to get used to. But the
increased security is worth it.
Depends ... if you force users to choose a password that they can't
possibly
On Wed, Jan 28, 2015 at 22:20:54 +,
Andre Robatino robat...@fedoraproject.org wrote:
down, they could forget it after the install, and be locked out. I was also
wondering about ways to get around the password - for example if the disk
isn't encrypted, or there's no bootloader password.
On Wed, Jan 28, 2015 at 5:53 PM, Brian C. Lane b...@redhat.com wrote:
I *know* this is going to be a bit of a pain to get used to. But the
increased security is worth it.
Depends ... if you force users to choose a password that they can't
possibly remember you increase the likelihood of them
On Wed, Jan 28, 2015 at 9:53 AM, Brian C. Lane b...@redhat.com wrote:
I *know* this is going to be a bit of a pain to get used to. But the
increased security is worth it. Super simple passwords will no longer be
allowed, but it is still easy to come up with one that passes the
checks. pwgen
On 01/28/2015 05:20 PM, Andre Robatino wrote:
One could use the passwd command to change the password after the install
(assuming the passwd command won't require strong passwords as well). There
Only root can force passwd to allow weak passwords unless you change the
pam config files. You
On Wed, 2015-01-28 at 16:05 -0700, Chris Murphy wrote:
On Wed, Jan 28, 2015 at 9:53 AM, Brian C. Lane b...@redhat.com
wrote:
I *know* this is going to be a bit of a pain to get used to. But
the increased security is worth it. Super simple passwords will no
longer be allowed, but it is
On Wed, Jan 28, 2015 at 04:05:55PM -0700, Chris Murphy wrote:
On Wed, Jan 28, 2015 at 9:53 AM, Brian C. Lane b...@redhat.com wrote:
I *know* this is going to be a bit of a pain to get used to. But the
increased security is worth it. Super simple passwords will no longer be
allowed, but it
On Wed, 2015-01-28 at 19:33 -0500, Samuel Sieb wrote:
On 01/28/2015 06:54 PM, Adam Williamson wrote:
It was done as a follow-up / alternative to this Change proposal:
https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no
a lot of the reaction to that was along the lines of
On Wed, 2015-01-28 at 19:23 -0600, John Morris wrote:
On Wed, 2015-01-28 at 19:33 -0500, Samuel Sieb wrote:
On 01/28/2015 06:54 PM, Adam Williamson wrote:
It was done as a follow-up / alternative to this Change proposal:
https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no
This Friday's build of Anaconda will no longer allow you to use weak
passwords and click done twice. In order to promote more secureish
default systems I have increased the password length required to 8
characters and removed allowing weak (as defined by libpwquality)
passwords.
I *know* this is