| From: | Miloslav Trmač <mitr-AT-redhat.com> |
| To: | Development discussions related to Fedora <devel-AT-lists.fedoraproject.org> |
| Subject: | Re: FESCO request to revert password confirmation change in F22 |
| Date: | Fri, 6 Mar 2015 19:25:53 -0500 (EST) |
| Message-ID: | <812614378.31471006.1425687953436.JavaMail.zimbra@redhat.com> |
| Cc: | fesco-AT-lists.fedoraproject.org, anaconda-devel-list-AT-redhat.com |
No, the real security is actually the minimum of (disk encryption password)*fuzz, (user account/screen lock password); with a fuzz factor accounting for the fact that the disk encryption password can be broken off-line, at full speed, farming it out to thousands of machines, but a screen lock password needs to be typed (or perhaps brute-forced using a keyboard-mimicking USB device, still slower than full speed, and restricted to one guess at a time).

The way we deploy LUKS, a single password guess takes one second on comparable hardware, so the fuzz factor is not actually as large as it might seem. The screen lock password still matters, though it does not need to be as strong as the disk encryption password.

Mirek
