Password's are useless

Chat about just about anything else

Password's are useless

Postby humb on Sun Mar 10, 2013 10:29 pm

All this password problem garbage could easily be eliminated if passwords were made optional. Sure, there are tons of situations where you have multiuser environments and priveleges have to be regulated. There are also plenty of situations (such as mine) where nobody touches the computer except me, and, as such, this "protection" is nothing more than a nuisance. My password is simply 0 (zero), any time that prompt comes up I enter 0+[enter] automatically. I don't know and I don't care why it asks for it, it's nothing more than a niusance.

I don't know how Mint works in this case, but once when I had Ubuntu I made the mistake of typing in a longer password when I installed it. What a nightmare to change it! The OS insisted on a strong, unmemorizable password and would not let me enter anything simple or even similar to the old password. Naturally it gets worse when you consider the fact that I am constantly making typos, and since the password does not echo, I could type it wrong 10 times or before it locks me out. I don't think it'll even allow you to paste it in using Ctrl-V. I had to reformat and start from scratch to simplify the password - and all because the developers are trying to "protect" me some some boggie man what I have yet to encounter and probably never will.

I have yet to see a single argument in defense of mandatory passwords that could very easily be discredited.
Last edited by xenopeek on Mon Mar 11, 2013 3:28 am, edited 1 time in total.
Reason: Split from a support request topic, and moved here. This isn't helping the person with a problem, so please discuss it here instead.
User avatar
humb
Level 1
Level 1
 
Posts: 16
Joined: Mon Jul 30, 2012 11:19 pm

Linux Mint is funded by ads and donations.
 

Re: Password's are useless

Postby grimdestripador on Tue Mar 12, 2013 2:49 pm

humb wrote:There are also plenty of situations (such as mine) where nobody touches the computer except me, and, as such, this "protection" is nothing more than a nuisance. My password is simply 0 (zero), any time that prompt comes up I enter 0+[enter] automatically. I don't know and I don't care why it asks for it, it's nothing more than a niusance.

I hope you don't have any type of network.

humb wrote:What a nightmare to change it! The OS insisted on a strong, unmemorizable password and would not let me enter anything simple or even similar to the old password.

Yeah, typing with bricks as hands is hard. And chaning that password, involves one liner...
Code: Select all
sudo password <username>

or perhaps if you don't know the password you use use Shift during grub boot, edit the boot command. hit 'e', hit down arrow until on kernel line. Hit right arrow until till right. type 'single'. It should appear after the word splash. ... https://www.youtube.com/watch?v=esPN1NYDhas

humb wrote:Naturally it gets worse when you consider the fact that I am constantly making typos, and since the password does not echo, I could type it wrong 10 times or before it locks me out. I don't think it'll even allow you to paste it in using Ctrl-V.

If your using terminal, try Shift-Insert. Perhaps Right-Rlick the terminal window and paist. The gksu way of prompting passwords allows for Control-V paisting.

humb wrote:I had to reformat and start from scratch to simplify the password - and all because the developers are trying to "protect" me some some boggie man what I have yet to encounter and probably never will.


You didn't have to format. see the above code about the program 'passwd'.

I love windows 95 too. That single logon, with all programs running as admin user, had no password distractions. When download my internet acceleratorers from bonzi-buddie and want the auto install to go without any inturruptions. Without all these password inturruptions applications executated in the webbrowser can now run as admin as you. Talk about efficiency, its like two of me on the computer, now that its bot-netted.



humb wrote:I have yet to see a single argument in defense of mandatory passwords that could very easily be discredited.

Is now the time where i make my own assertions, and we get in a flame war? Power to the entropy!
User avatar
grimdestripador
Level 6
Level 6
 
Posts: 1069
Joined: Fri Feb 16, 2007 2:26 am

Re: Password's are useless

Postby kurok on Wed Mar 13, 2013 2:25 pm

Passwords aren't useless they are there for security.
If you want a linux distro that dosent ask for alot of passwords use one the run's as root. Or figure out how to run as root on the one your using.
I'm not going to tell you how but a quick google search should give you what your looking for.
Have fun
kurok
Level 1
Level 1
 
Posts: 48
Joined: Thu Nov 03, 2011 5:37 pm

Re: Password's are useless

Postby rocketfish201 on Fri Mar 15, 2013 9:15 am

I love windows 95 too. That single logon, with all programs running as admin user, had no password distractions. When download my internet acceleratorers from bonzi-buddie and want the auto install to go without any inturruptions. Without all these password inturruptions applications executated in the webbrowser can now run as admin as you. Talk about efficiency, its like two of me on the computer, now that its bot-netted.

Thank you, that just made my day.
Dell Inspiron N5050
- Linux Mint 13 MATE x64
- Intel Core i3-2350M @ 2.30GHz
- Intel HD Graphics 3000
- 6GB DDR3 1333Mhz
- 500GB 5400 RPM HDD
- BCM4313 802.11b/g/n & Bluetooth 3.0+HS
User avatar
rocketfish201
Level 1
Level 1
 
Posts: 3
Joined: Sat Jan 05, 2013 8:54 am

Re: Password's are useless

Postby Burrito on Mon Mar 18, 2013 7:42 pm

I have no problems typing my 12-characters-or-more operating system password... It's become muscle memory by now. Problem is, if I ever want to change it, I'll have to learn how to type the new one that quickly.

As mentioned above, they are actually useful if you have any hope of staying secure while communicating over a network. Would be nice if Firefox used Gnome Keyring though. Anyone know a way of doing that?
Burrito
Level 1
Level 1
 
Posts: 32
Joined: Sat Mar 10, 2012 9:59 pm

Re: Password's are useless

Postby catweazel on Tue Mar 19, 2013 3:00 am

Burrito wrote:I have no problems typing my 12-characters-or-more operating system password.

Now that's just way over the top. You're not telling porkies about the length of your password are you? My 11 characters is sufficient for me.
Mint Testing Team & Mint Donor #3606
KDE 4.12.0, custom preemptive kernel 3.12.5,
Intel i7 4770K @ 4.7GHz, 16GB 2666MHz XMP,
4 Samsung 840 PRO 512GB SSDs in RAID0,
6TB HW RAID10, dual 24" Acer X243H,
Gigabyte nVidia GTX 680 Super Overclock
User avatar
catweazel
Level 7
Level 7
 
Posts: 1656
Joined: Fri Oct 12, 2012 9:44 pm

Re: Password's are useless

Postby Burrito on Thu Mar 21, 2013 2:44 pm

TehGhodTrole wrote:
Burrito wrote:I have no problems typing my 12-characters-or-more operating system password.

Now that's just way over the top. You're not telling porkies about the length of your password are you? My 11 characters is sufficient for me.

I was cryptic about the length on purpose. It might be twelve. It might be more. Twelve or more characters was recently recommended by an article I read about GPU-powered password cracking. Above 12 characters (ASCII, capitals, weird ones, etc), at the time of the writing of that article, GPU-powered cracking is no longer viable, if your hashes are salted and secure (Linux logon ones are). Sorry, can't find the article.
Burrito
Level 1
Level 1
 
Posts: 32
Joined: Sat Mar 10, 2012 9:59 pm

Re: Password's are useless

Postby grimdestripador on Thu Mar 21, 2013 4:11 pm

Burrito wrote:
TehGhodTrole wrote:
Burrito wrote:I have no problems typing my 12-characters-or-more operating system password.

Now that's just way over the top. You're not telling porkies about the length of your password are you? My 11 characters is sufficient for me.

I was cryptic about the length on purpose. It might be twelve. It might be more. Twelve or more characters was recently recommended by an article I read about GPU-powered password cracking. Above 12 characters (ASCII, capitals, weird ones, etc), at the time of the writing of that article, GPU-powered cracking is no longer viable, if your hashes are salted and secure (Linux logon ones are). Sorry, can't find the article.



Say we use an english keyboard, we have something like 108^12=2.518170117×10²⁴, or 2.5 Novillan (a million-million-million-million). Combinations. Not only must we be able to calculate this enormous amount of possibilities, but we also must be able to access them using ram. So given a 64 bit computer, which can (not yet, but theoretical) use 64 bits ofs memory space. we have 1.844674407×10¹⁹ possible combinations. Thus using a 12 character password is theoretically impossible task, taking up 10,000 more memory than the system has available. This is important because most password cracking programs use a reverse lookup table (as in pre-computed hashs to known passwords), known as a rainbow table. Say we don't care about speed, and store all results in a disk file, we take a 10,000:1 speed drop. Storing the rainbow table to disk will take more than (108^12)/(1024^3) = 2,000,000,000,000,000 TeraBytes.

So what lenght of password is definatly not safe.. 6 characters. My calcualtion of usable characters, a-Z,A-Z,0-9,)-! is 24+24+10+10=68. Leads to 68^6/1024^3 = 92.07 GigaBytes. Where 92 Gigabytes is a reasonble amount of storage space.

TLDR; 12 character passwords are more than sufficient strength, assuming random characters, non repeating.
User avatar
grimdestripador
Level 6
Level 6
 
Posts: 1069
Joined: Fri Feb 16, 2007 2:26 am

Re: Password's are useless

Postby humb on Mon Mar 25, 2013 9:57 pm

Let me answer each of the posts:

Grimdestripador: I'm only on the internet and no other network. There is an internal LAN but only my wife uses it, and even then she's mostly on Facebook. In all the years I've been computing I've never been hacked, so much so that the annoyance of entering a password, at least for me, is unnecessary. As for your comment of having bricks for hands, be advised I'm a lousy typist and I'm contantly making typos. The worst part of a Linux passwords is that it doesn't echo and, as such, I can't correct my typos. Also, I've downloaded the Youtube video you recommended to look at it carefully. And finally, I've always noticed that flame wars begin when one of the two parties has no rational arguments to back up his beliefs or opinions.

Kurok: How does a password protect me if I blindly enter (0) it regardless of what's on the screen? As I see it, the password is nothing more than the sheep that cried wolf, with the exception of the fact that I have yet to see anything even resembling a wolf. Also, finding a way to run Linux as root is a splendid idea. Without root you can't do anything and may as well not even have a computer. Even to run Bleachbit as root you have to enter the damned password. Running Bleachbit without root is like doing nothing - all the raw sewage will stay behind.

I've said once and I'll say it a million times - my problem is making passwords MANDATORY with no option to get rid of them entirely. What protection do they offer me if I just enter 0 (my password) when i see it regardless of why it's asking?
User avatar
humb
Level 1
Level 1
 
Posts: 16
Joined: Mon Jul 30, 2012 11:19 pm

Re: Password's are useless

Postby flyboy1565 on Mon Mar 25, 2013 11:21 pm

Why not create a macros for your password if it's such a bother

Sent from my ADR6350 using Tapatalk 2
flyboy1565
Level 3
Level 3
 
Posts: 101
Joined: Sat Feb 16, 2013 2:07 am

Re: Password's are useless

Postby ASmith on Thu May 09, 2013 3:42 am

I'd like to see token file password/phrase support added as a option to Linux Mint distributions. The way it works is to read in the bottom 256bits of a specific small compressed file on a device such as a disk or flash drive. Generally the small compressed file is among 100+ similar but different files with nothing to indicate to a lookie lew what they actually do.

The Token file is read in to provide the maximum password length and given the compressed file extended characters, it makes for a extremely strong password which you don't need to memorise and you could briefly use it on a employees computer for administrative uses without that employee being able to read your password also.

Recently the Obama Whitehouse DOJ (Department of Justice) has began instructing judges to force suspects to divulge their computer passwords under penalty of perjury or whatever torture of the month they choose. With a token file, you do not know what your password is and can truthfully tell any goose stepping agents or injustice system employees that over and over until that sinks in for them.
User avatar
ASmith
Level 3
Level 3
 
Posts: 151
Joined: Tue Nov 08, 2011 1:47 am

Linux Mint is funded by ads and donations.
 

Return to Open chat

Who is online

Users browsing this forum: No registered users and 6 guests

cron