undefined | Better HN

0 pointsanthonylevine5mo ago0 comments

This has to be satire. HAS TO BE.

"Hey guys, I'm going to prove that an OS that claims that you don't have to worry about security anymore is actually secure by asking a total stranger to guess my password"

lol.

0 comments

yjftsjthsd-h5mo ago

Since it's so flimsy and insecure, you should guess so you can prove how insecure it is. Alternatively, you could fail to do that, because 10 guesses is safe even against an awful password.

anthonylevineOP5mo ago

lol But what if, and I know this sounds absolutely insane, the person who stole your laptop knows you and isn't a total stranger on the internet? In your security guru mind, would that effect the probability of them guessing right? Or are you of the opinion that you don't need to worry about people close to you breaking into your stuff?

yjftsjthsd-h5mo ago

If someone steals your laptop, then sudo limiting guesses is completely irrelevant. Note that I started with

> I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).

If you'd like to point out that it's really important to require a high-entropy password for the lockscreen or disk encryption, then I'll agree, but that isn't the argument we're in right now.

j / k navigate · click thread line to collapse

0 pointsanthonylevine5mo ago0 comments

This has to be satire. HAS TO BE.

"Hey guys, I'm going to prove that an OS that claims that you don't have to worry about security anymore is actually secure by asking a total stranger to guess my password"

lol.

0 comments

yjftsjthsd-h5mo ago

Since it's so flimsy and insecure, you should guess so you can prove how insecure it is. Alternatively, you could fail to do that, because 10 guesses is safe even against an awful password.

anthonylevineOP5mo ago

yjftsjthsd-h5mo ago

If someone steals your laptop, then sudo limiting guesses is completely irrelevant. Note that I started with

> I will absolutely say that a distro making that claim should not worry about the difference between 3 and 10 password attempts on sudo (i.e. when you're already logged in).

If you'd like to point out that it's really important to require a high-entropy password for the lockscreen or disk encryption, then I'll agree, but that isn't the argument we're in right now.

j / k navigate · click thread line to collapse