username, password for proxy setting in yum and for other purpose
On Fri, 2011-02-11 at 15:44 +0100, Alain Roger wrote:
> 2. in our company password must be changed every 60 days.
Actually, that's not a security measure. It's a false belief. And
tends to have the opposite effect.
It's harder for people to remember changing passwords, particularly when
they have to remember lots of different passwords. So they're far more
likely to write it down, and they're likely to write it somewhere that's
easily spied upon.
Changing it won't make it any harder to make a random guess at it. It's
just about as hard to guess it, no matter whether it stays the same, or
periodically changes. Or, it's just as likely that you might guess what
it changed to, as guess what it has always been. Likewise, it's only
one chance easier to guess a password that isn't changed by going
through a dictionary attack and keeping track of which words you've
already tried (i.e. if you could pick one word from a list of 600,000
words that you might use, that's a 1/600,000 chance of guessing it; then
if you changed it, it's a 1/599,999 chance of getting it right,
presuming no repeats, that's hardly a significant change).
If a password has already been cracked, that should have been detected.
If you're not checking for cracking attempts, you're not doing good
> a) how can i store username and password in a not human readable way
> (encrypted for example) a still make it available for yum, or ther
> purposes like firefox ?
Encrypted whole drive contents, so it's ready normally while running,
but isn't readable if someone steals the drive?
Run a local proxy that uses your password to access the secured one, and
your local apps all go through your unsecured but restricted local
Securing the local copy is going to be a bit pointless if you blurt it
out unencrypted across the network (e.g. in HTTP requests) to be easily
> b) how can i do to only once change it and that change should be
> applicable for all purposes like yum, firefox, and so on... ?
The simple solution for setting your password in one place, and
everything always using *that* password, is for all configuration files
that have a password set into them, their config scripts import your
password from a single known file that holds the password.
What about don't store the password in a file. Store it as a variable
held in memory. You type it in once, when requested to, and everything
sources that variable. And it's reset when you log out.
[tim@localhost ~]$ uname -r
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
users mailing list
To unsubscribe or change subscription options: