Linux Mint Forums

[xenopeek]

All this password problem garbage could easily be eliminated if passwords were made optional. Sure, there are tons of situations where you have multiuser environments and priveleges have to be regulated. There are also plenty of situations (such as mine) where nobody touches the computer except me, and, as such, this "protection" is nothing more than a nuisance. My password is simply 0 (zero), any time that prompt comes up I enter 0+[enter] automatically. I don't know and I don't care why it asks for it, it's nothing more than a niusance.

I don't know how Mint works in this case, but once when I had Ubuntu I made the mistake of typing in a longer password when I installed it. What a nightmare to change it! The OS insisted on a strong, unmemorizable password and would not let me enter anything simple or even similar to the old password. Naturally it gets worse when you consider the fact that I am constantly making typos, and since the password does not echo, I could type it wrong 10 times or before it locks me out. I don't think it'll even allow you to paste it in using Ctrl-V. I had to reformat and start from scratch to simplify the password - and all because the developers are trying to "protect" me some some boggie man what I have yet to encounter and probably never will.

I have yet to see a single argument in defense of mandatory passwords that could very easily be discredited.

[grimdestripador]

There are also plenty of situations (such as mine) where nobody touches the computer except me, and, as such, this "protection" is nothing more than a nuisance. My password is simply 0 (zero), any time that prompt comes up I enter 0+[enter] automatically. I don't know and I don't care why it asks for it, it's nothing more than a niusance.

I hope you don't have any type of network.

What a nightmare to change it! The OS insisted on a strong, unmemorizable password and would not let me enter anything simple or even similar to the old password.

Yeah, typing with bricks as hands is hard. And chaning that password, involves one liner...

Code: Select all

sudo password <username>

or perhaps if you don't know the password you use use Shift during grub boot, edit the boot command. hit 'e', hit down arrow until on kernel line. Hit right arrow until till right. type 'single'. It should appear after the word splash. ... https://www.youtube.com/watch?v=esPN1NYDhas

Naturally it gets worse when you consider the fact that I am constantly making typos, and since the password does not echo, I could type it wrong 10 times or before it locks me out. I don't think it'll even allow you to paste it in using Ctrl-V.

If your using terminal, try Shift-Insert. Perhaps Right-Rlick the terminal window and paist. The gksu way of prompting passwords allows for Control-V paisting.

I had to reformat and start from scratch to simplify the password - and all because the developers are trying to "protect" me some some boggie man what I have yet to encounter and probably never will.

You didn't have to format. see the above code about the program 'passwd'.

I love windows 95 too. That single logon, with all programs running as admin user, had no password distractions. When download my internet acceleratorers from bonzi-buddie and want the auto install to go without any inturruptions. Without all these password inturruptions applications executated in the webbrowser can now run as admin as you. Talk about efficiency, its like two of me on the computer, now that its bot-netted.

I have yet to see a single argument in defense of mandatory passwords that could very easily be discredited.

Is now the time where i make my own assertions, and we get in a flame war? Power to the entropy!

[kurok]

Passwords aren't useless they are there for security.
If you want a linux distro that dosent ask for alot of passwords use one the run's as root. Or figure out how to run as root on the one your using.
I'm not going to tell you how but a quick google search should give you what your looking for.
Have fun

[rocketfish201]

I love windows 95 too. That single logon, with all programs running as admin user, had no password distractions. When download my internet acceleratorers from bonzi-buddie and want the auto install to go without any inturruptions. Without all these password inturruptions applications executated in the webbrowser can now run as admin as you. Talk about efficiency, its like two of me on the computer, now that its bot-netted.

Thank you, that just made my day.

[Burrito]

I have no problems typing my 12-characters-or-more operating system password... It's become muscle memory by now. Problem is, if I ever want to change it, I'll have to learn how to type the new one that quickly.

As mentioned above, they are actually useful if you have any hope of staying secure while communicating over a network. Would be nice if Firefox used Gnome Keyring though. Anyone know a way of doing that?

[catweazel]

I have no problems typing my 12-characters-or-more operating system password.

Now that's just way over the top. You're not telling porkies about the length of your password are you? My 11 characters is sufficient for me.

[Burrito]

I have no problems typing my 12-characters-or-more operating system password.

Now that's just way over the top. You're not telling porkies about the length of your password are you? My 11 characters is sufficient for me.

I was cryptic about the length on purpose. It might be twelve. It might be more. Twelve or more characters was recently recommended by an article I read about GPU-powered password cracking. Above 12 characters (ASCII, capitals, weird ones, etc), at the time of the writing of that article, GPU-powered cracking is no longer viable, if your hashes are salted and secure (Linux logon ones are). Sorry, can't find the article.

[grimdestripador]

I have no problems typing my 12-characters-or-more operating system password.

Now that's just way over the top. You're not telling porkies about the length of your password are you? My 11 characters is sufficient for me.

I was cryptic about the length on purpose. It might be twelve. It might be more. Twelve or more characters was recently recommended by an article I read about GPU-powered password cracking. Above 12 characters (ASCII, capitals, weird ones, etc), at the time of the writing of that article, GPU-powered cracking is no longer viable, if your hashes are salted and secure (Linux logon ones are). Sorry, can't find the article.

Say we use an english keyboard, we have something like 108^12=2.518170117×10²⁴, or 2.5 Novillan (a million-million-million-million). Combinations. Not only must we be able to calculate this enormous amount of possibilities, but we also must be able to access them using ram. So given a 64 bit computer, which can (not yet, but theoretical) use 64 bits ofs memory space. we have 1.844674407×10¹⁹ possible combinations. Thus using a 12 character password is theoretically impossible task, taking up 10,000 more memory than the system has available. This is important because most password cracking programs use a reverse lookup table (as in pre-computed hashs to known passwords), known as a rainbow table. Say we don't care about speed, and store all results in a disk file, we take a 10,000:1 speed drop. Storing the rainbow table to disk will take more than (108^12)/(1024^3) = 2,000,000,000,000,000 TeraBytes.

So what lenght of password is definatly not safe.. 6 characters. My calcualtion of usable characters, a-Z,A-Z,0-9,)-! is 24+24+10+10=68. Leads to 68^6/1024^3 = 92.07 GigaBytes. Where 92 Gigabytes is a reasonble amount of storage space.

TLDR; 12 character passwords are more than sufficient strength, assuming random characters, non repeating.

[humb]

Let me answer each of the posts:

Grimdestripador: I'm only on the internet and no other network. There is an internal LAN but only my wife uses it, and even then she's mostly on Facebook. In all the years I've been computing I've never been hacked, so much so that the annoyance of entering a password, at least for me, is unnecessary. As for your comment of having bricks for hands, be advised I'm a lousy typist and I'm contantly making typos. The worst part of a Linux passwords is that it doesn't echo and, as such, I can't correct my typos. Also, I've downloaded the Youtube video you recommended to look at it carefully. And finally, I've always noticed that flame wars begin when one of the two parties has no rational arguments to back up his beliefs or opinions.

Kurok: How does a password protect me if I blindly enter (0) it regardless of what's on the screen? As I see it, the password is nothing more than the sheep that cried wolf, with the exception of the fact that I have yet to see anything even resembling a wolf. Also, finding a way to run Linux as root is a splendid idea. Without root you can't do anything and may as well not even have a computer. Even to run Bleachbit as root you have to enter the damned password. Running Bleachbit without root is like doing nothing - all the raw sewage will stay behind.

I've said once and I'll say it a million times - my problem is making passwords MANDATORY with no option to get rid of them entirely. What protection do they offer me if I just enter 0 (my password) when i see it regardless of why it's asking?

[flyboy1565]

Why not create a macros for your password if it's such a bother

Sent from my ADR6350 using Tapatalk 2

[ASmith]

I'd like to see token file password/phrase support added as a option to Linux Mint distributions. The way it works is to read in the bottom 256bits of a specific small compressed file on a device such as a disk or flash drive. Generally the small compressed file is among 100+ similar but different files with nothing to indicate to a lookie lew what they actually do.

The Token file is read in to provide the maximum password length and given the compressed file extended characters, it makes for a extremely strong password which you don't need to memorise and you could briefly use it on a employees computer for administrative uses without that employee being able to read your password also.

Recently the Obama Whitehouse DOJ (Department of Justice) has began instructing judges to force suspects to divulge their computer passwords under penalty of perjury or whatever torture of the month they choose. With a token file, you do not know what your password is and can truthfully tell any goose stepping agents or injustice system employees that over and over until that sinks in for them.