by yjftsjthsd-h 237 days ago
> lol Are you saying that a distro that makes this kind of claim shouldn't be concerned with the amount of times you can type in a wrong password?

I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).

> Especially since it's not vetting the actual security of the password itself?

Yes, that should be fixed. But it's a separate matter.


> Yes, that should be fixed. But it's a separate matter.

Sure, because the complexity of your password and the amount of times you get before you're locked out historically don't affect each other lol.

At this scale? No, no they do not. Even if you know my password is a single dictionary word in lower case, the odds of you guessing it in 3 vs 10 guesses are negligible.

In fact, let's do this right now: I've just thought of a random English word and written it down. I'll give you 20 guesses. Guess it right and I'll agree with you.

This has to be satire. HAS TO BE.

"Hey guys, I'm going to prove that an OS that claims that you don't have to worry about security anymore is actually secure by asking a total stranger to guess my password"

lol.

Since it's so flimsy and insecure, you should guess so you can prove how insecure it is. Alternatively, you could fail to do that, because 10 guesses is safe even against an awful password.

lol But what if, and I know this sounds absolutely insane, the person who stole your laptop knows you and isn't a total stranger on the internet? In your security guru mind, would that affect the probability of them guessing right? Or are you of the opinion that you don't need to worry about people close to you breaking into your stuff?

If someone steals your laptop, then sudo limiting guesses is completely irrelevant. Note that I started with

> I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).

If you'd like to point out that it's really important to require a high-entropy password for the lockscreen or disk encryption, then I'll agree, but that isn't the argument we're in right now.