On passwords, security and real -sweat, blood and tears- life

Joe Barnett joe.barnett at mr72.com
Sat Apr 29 04:26:36 UTC 2006


A.J. Bonnema wrote:
> Hi all,
> 
> A common problem with passwords is their guessability (yes, as a 
> non-native English speaker, I too make up words.....). For instance, 
> even though I have taught my daughter to not use dictionary words, names 
> etc, her password for one of the online accounts got hijacked. What 
> happened was, she used: _____ (five underscores) as a password: arghghgh.
> 
> But it did make me think again about the security of my home network. 
> Unfortunately most passwords are dictionary words, that are easy to 
> guess using f.i. the john password guesser program, combined with 
> numbers and if you are lucky a special character or two.
> 
> What I wonder about is the following:
> 
> * given that all ports are closed to external contact through a physical 
> albeit consumer-oriented firewall, just means I am safe for 
> port-scanners. But does it mean that I am safe from cracker systems / 
> programs? Is there a way to break in, without allowing external contact 
> through one of the ports? (not including trojans and the like).
> 
> * A second issue is: suppose I would force my family to use really 
> random passwords (like characters picked from a one-time pad). And now 
> suppose I lose my root-password: would I be able to rectify this, 
> without destroying the data?
> 
> Guus.

apg ("yum install apg" should do the trick I would think) will help 
generate (relatively?) secure passwords, and by default will 
generate some that are at least somewhat easy to remember though should 
be very difficult to guess attack.

Try running it with the following command:

apg -M SNCL -r /usr/share/dict/words

which generates output something like this:

Kam5quon!
2FrijibIb]
er7Oddus`
Un'blahij1
tru~Glac2
3Odnirs%

My guess is that any of the above should be reasonably secure and 
*not too* difficult to remember.

With local access to the machine you should be able to boot into... 
into... some kind of root/superuser mode should the need arise. 
Fortunately I have not had to do so for several years. 
Unfortunately, I do not remember how...

I cannot speak to the firewall/gateway appliance you are using -- I 
have been using OpenBSD on an old workstation with a few NICs as my 
firewall/gateway for several years now.  Sorry, not trying to start 
problems here -- this is something we did years ago at an old 
employer of mine after experiencing problems with several 
off-the-shelf type firewall/gateway appliances.

Good luck,

Joe
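
Added example (not part of the original message and not apg's own code): a Python sketch of the two checks the command above asks for, all four character classes required (-M SNCL) and rejection against a word list (-r). It draws uniformly random characters instead of apg's pronounceable syllables; the substring-match rule is an assumption of this example, and SAMPLE_WORDS is a constructed stand-in for /usr/share/dict/words.

```python
import math
import secrets
import string

# Character classes matching the S, N, C, L letters in "-M SNCL".
CLASSES = {
    "S": string.punctuation,
    "N": string.digits,
    "C": string.ascii_uppercase,
    "L": string.ascii_lowercase,
}
ALPHABET = "".join(CLASSES.values())

# Constructed stand-in for /usr/share/dict/words so the example runs offline.
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "fedora"}


def missing_classes(password):
    """Return the class letters (S, N, C, L) that the password lacks."""
    return [k for k, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def contains_dictionary_word(password, words, min_len=4):
    """True if a word of at least min_len letters appears inside the password.

    Assumption of this example: case-insensitive substring match.
    """
    lowered = password.lower()
    return any(len(w) >= min_len and w.lower() in lowered for w in words)


def generate(length=10, words=SAMPLE_WORDS):
    """Draw uniformly random passwords until one passes both checks."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate) and \
                not contains_dictionary_word(candidate, words):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for _ in range(6):
        print(generate())
    print(f"upper bound for 10 characters: {entropy_bits(10):.1f} bits")
    # The five-underscore password from the quoted message fails three classes.
    print("_____ is missing:", missing_classes("_____"))
```
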



