Password

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
bachcole
Level 3
Level 3
Posts: 113
Joined: Mon Mar 30, 2015 2:38 pm

Password

Post by bachcole » Fri Apr 20, 2018 4:12 pm

Please just answer me this. If I enter the wrong password say 10 or 20 times without success, will the system lock me out permanently? I am pretty sure that I can get it given enough attempts.

Cosmo.
Level 23
Level 23
Posts: 17830
Joined: Sat Dec 06, 2014 7:34 am

Re: Password

Post by Cosmo. » Fri Apr 20, 2018 4:15 pm

No, you can still try it again.

Mute Ant
Level 13
Level 13
Posts: 4728
Joined: Tue Sep 03, 2013 7:45 pm

Re: Password

Post by Mute Ant » Fri Apr 20, 2018 5:43 pm

"..I am pretty sure that I can get it given enough attempts..." Oh yes, it's called a Brute Force Attack in the cryptography world. It's also a criminal offence just to guess in some parts of the real world, too, even if the guess is wrong.

It's the 'enough attempts' that acts as a barrier to casual snooping...
o Linux uses a 'hash' with 'salt' to limit random attempts to around 1 per second.
o Each 'bit' of randomness doubles the time taken to guess a password.
o Symbols chosen from the sets {a..z} {A..Z} {0..9} {.} { } is 6 bits per symbol, so each symbol added to the password makes it 64 times more difficult to guess. It's easy to require too many attempts to be worth bothering...
o Password of 1 symbol -----> 6 bits -----> average brute force attack is (2^5) == 32 seconds
o Password of 2 symbols -----> 12 bits -----> average brute force attack 34 minutes
o Password of 3 symbols -----> 18 bits -----> average brute force attack 1.5 days
o Password of 4 symbols -----> 24 bits -----> average brute force attack 97 days
o Password of 5 symbols -----> 30 bits -----> average brute force attack 17 years
o Password of 6 symbols -----> 36 bits -----> average brute force attack 1089 years

I use old telephone numbers, the ones you just can't forget that were disconnected back in 1975...
Six symbols chosen from {0..9} is very close to 20 bits of randomness -----> 6 days.
Last edited by Mute Ant on Fri Apr 20, 2018 9:27 pm, edited 1 time in total.
Right at the bottom, all alone in the centre of the bright cold floor, was a lemon drop.

bachcole
Level 3
Level 3
Posts: 113
Joined: Mon Mar 30, 2015 2:38 pm

Re: Password

Post by bachcole » Fri Apr 20, 2018 8:31 pm

My Update Manager is broken. It does not show that I need any updates and has not done so for many months. It currently does not show that I need a new FireFox. What do I do, now that I know that I can break my lost password logjam?

The trouble with supplying passwords automatically (as dots) is that we never get to see what password that we used and we never get to use it repeatedly to strengthen our memory of it.

I want my Update Manager to work properly. My version is Linux Mint 17.3 Rosa.

User avatar
slipstick
Level 5
Level 5
Posts: 615
Joined: Sun Oct 21, 2012 9:56 pm
Location: Somewhere on the /LL0 scale

Re: Password

Post by slipstick » Fri Apr 20, 2018 9:22 pm

Mute Ant wrote:
Fri Apr 20, 2018 5:43 pm
I use old telephone numbers, the ones you just can't forget that were disconnected back in 1975...
Six symbols chosen from {0..9} is very close to 20 bits of randomness -----> 6 days
The phone numbers I remember are so old they had a 2 letter prefix and 5 digits; e.g., JA(ckson)-30218. And more randomness!
In theory, theory and practice are the same. In practice, they ain't.

Mute Ant
Level 13
Level 13
Posts: 4728
Joined: Tue Sep 03, 2013 7:45 pm

Re: Password

Post by Mute Ant » Fri Apr 20, 2018 11:05 pm

"The trouble with supplying passwords automatically..." Well yes. There's another queue of users complaining that they need a password at all, presumably ignorant of the fact that passwords can be switched off e.g. Live Session user mint can sudo without any password at all. If you can't sudo and you can't log in as root you are locked out, just like a hacker would be. There's a huge number of posts already re: I Have Forgotten My Password which cure login and sudo problems. What can't be weaselled is encryption... no password... no data.
Right at the bottom, all alone in the centre of the bright cold floor, was a lemon drop.

User avatar
lsemmens
Level 4
Level 4
Posts: 338
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Password

Post by lsemmens » Fri Apr 20, 2018 11:33 pm

For non critical stuff I use ONE password. If it get's broken, the worst they can do is see my dirty dishes. I then have a couple of other way more secure passwords that get used depending upon what I am trying to protect is. My banking details are NEVER recorded anywhere, so if I forget them, I have to visit the bank. The rest are stored somewhere in an innocuous file amongst about 5Tb of files. What that file is, and how to access it, well, if I ever forget that, I'm in deep do do.
Kernel: 4.13.0-37-generic x86_64 (64 bit gcc: 5.4.0)
Desktop: Cinnamon 3.6.7 (Gtk 3.18.9-1ubuntu3.3)
Distro: Linux Mint 18.3 Sylvia

Laptop T4500 Dualcore 3Gb RAM
Out of my mind - please leave a message

User avatar
karlchen
Level 18
Level 18
Posts: 8665
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Password

Post by karlchen » Sat Apr 21, 2018 6:57 am

bachcole wrote:
Fri Apr 20, 2018 4:12 pm
If I enter the wrong password say 10 or 20 times without success, will the system lock me out permanently? I am pretty sure that I can get it given enough attempts.
There is a way of instructing Ubuntu/Mint to limit failed login attempts to a given number and to lock the account for a given period of time, if the maximum number of failed login attemtps has been reached.
This should help prevent people (or software) from easily hacking your account, because they only have got a limited number of tries.
Sadly the procedure to achieve the goal seems to be much less friendly than on Windows where you can easily configure max. login tries and the timespam how long the account will remain unlocked.
Cf. here, please: Ubuntu - Account Lockout Help
Image
Old bugs good, new bugs bad! Updates are evil: might fix old bugs and introduce no new ones.

Post Reply

Return to “Newbie Questions”