On Mar 7, 2012, at 6:29 AM, Miloslav Trmač wrote:
> UNIX didn't have these defaults originally; they were added in the
> 90's only after real-world experience had shown that these policies
> are necessary (and they have been pretty much unchanged for the last
> 10-15 years, AFAIK).
It's a philosophical conversation that's probably out of scope for this list, but
this amounts to babysitting stupid people. The first thing such a person must accept as
true is that it's necessary to parent morons by second-guessing their choices. I
think that in and of itself is radically moronic. It says it's OK for complete
strangers to hassle other people about their passwords, not even knowing the context.
It's a shakedown, and it's how we've arrived at an INSANE password paradigm
where we routinely can't choose long memorable passwords, and are instead often forced
to choose short 12-15 character passwords that mandate a certain quantity of numerical and
special characters. They're difficult to remember, ensuring they will be written down,
likely in some unencrypted file, which actually increases the statistical likelihood of a
compromise.
> (and FWIW, regarding the "hullop130" password, a quick grep shows that
> "hullo" is in the dictionary, and cracklib may have additional rules
> or ways to arrive at the password from a different dictionary word).
OK, so in other words, this is a 5-year-old babysitter and is marginally competent at the
intended task from the outset. I get a time to crack between 101 seconds and 32000 years.
The computer in question is used only for testing. The single drive was wiped using the
ATA ESE command before I started, so there literally is nothing useful on this computer,
but setting the password was like getting sand in body orifices.
I su'd to root and changed the password to hello, and now I feel much better.
Chris Murphy
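The quoted remark about "hullop130" describes the mechanism a checker such as cracklib uses: strip suffixes and common substitutions, then see whether what remains is a dictionary word. The following is an added illustration written for this thread, not cracklib's code and not part of the original message. The word list, the substitution table and the charset sizes are assumptions chosen for the demonstration; it shows why "hullop130" is flagged as dictionary-derived while a naive character-set estimate would rate it at around 46 bits, and how a multi-word passphrase compares under the same estimate.

```python
import math
import re

# Constructed mini-dictionary standing in for a real word list (assumption).
WORDS = {"hullo", "hello", "password", "correct", "horse", "battery", "staple"}

# Common digit/symbol-for-letter substitutions undone before the lookup (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def candidate_stems(password):
    """Yield dictionary-shaped stems a checker might derive from the password:
    lowercase it, undo substitutions, strip leading/trailing non-letters,
    then try every prefix of length >= 4 (so 'hullop130' reaches 'hullo')."""
    base = password.lower()
    variants = {base, base.translate(LEET)}
    for v in list(variants):
        stripped = re.sub(r"[^a-z]+$", "", v)   # drop trailing digits/symbols
        stripped = re.sub(r"^[^a-z]+", "", stripped)  # and leading ones
        variants.add(stripped)
    seen = set()
    for v in sorted(variants):
        for n in range(len(v), 3, -1):
            stem = v[:n]
            if stem not in seen:
                seen.add(stem)
                yield stem


def dictionary_based(password, words=WORDS):
    """Return the dictionary word the password is derived from, or None."""
    for stem in candidate_stems(password):
        if stem in words:
            return stem
    return None


def charset_size(password):
    """Size of the character set implied by the classes present (assumed sizes)."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33  # printable ASCII punctuation
    return size


def brute_force_bits(password):
    """Naive search-space estimate: length * log2(charset). Overstates strength
    for dictionary-derived passwords, which is exactly the case cracklib catches."""
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(num_words, dictionary_size):
    """Search space of a passphrase drawn uniformly from a word list."""
    return num_words * math.log2(dictionary_size)


def assess(password):
    """Combine both views so the report explains *why* a password is rejected."""
    stem = dictionary_based(password)
    return {
        "password": password,
        "naive_bits": round(brute_force_bits(password), 1),
        "dictionary_word": stem,
        "verdict": "reject: based on dictionary word" if stem else "ok",
    }


if __name__ == "__main__":
    for pw in ("hullop130", "correcthorse", "Tr0ub4dor&3"):
        print(assess(pw))
    # Four words from a 7776-word list (Diceware-sized, assumption): ~51.7 bits
    print("4-word passphrase:", round(passphrase_bits(4, 7776), 1), "bits")
```

The point of `assess` is that the two numbers disagree on purpose: a nine-character mixed password scores around 46 bits under the naive estimate, but once a stem like "hullo" is found the realistic search space collapses to "dictionary word plus a short suffix", which is why a policy tool rejects it regardless of length or character mix.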