Pass phrase length and complexity. At least 16 characters; starts and ends with a letter, has two symbols, two numbers, two upper-case, two lower-case. Nothing found in dictionaries in pass phrase, no keyboard walking, no recognizable keyboard patterns may work for a few seconds.
Jude <jdashiel at panix dot com>
"There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author, 1940)

On Tue, 17 Jan 2023, daven...@tuxfamily.org wrote:

> Hello
>
> On 2023-01-17 09:51, DdB wrote:
> > On 17.01.2023 at 07:14, Stanislav Vlasov wrote:
> >> ??, 17 ???. 2023 ?. ? 11:01, David <david.g_jo...@ntlworld.com>:
> >>> Looking on the internet it says the passwords are stored in /etc/passwd
> >>> and /etc/shadow
> >>
> >> In /etc/shadow only password's hashes, some data, one-way calculated
> >> from password string.
> >>
> >>> The password string in /etc/shadow looks as if it's encoded, how can I
> >>> read this string?
> >>
> >> You can't.
> > Everyone (and their friend) seem to know, how to work around this, which
> > apparently is common Debian knowledge (which is nice).
> >
> > But somehow, I feel there could be more caring about avoiding to teach
> > future hackers by accident. Is this kind of lesson appropriate for a
> > users list? - I doubt it.
> >
> > just my 2 cents
> > DdB
> >
> It's not hacking. It's typical administration system stuff. A required
> knowledge so you don't end up locked out of your own system in non-encrypted
> installation. It requires physical access to the computer, so applicable from
> distance as you need to either
> - remove then mount the hard drive on another machine.
> - boot from a live USB.
> - boot into GRUB's rescue-shell.
>
> But if you're worried about physical access to your computer (as a laptop that
> can be easily stolen, or left in hotel room, or whatever), an account password
> isn't going to protect your data or from someone altering your password /
> installing fishy stuff?
>
> In such case, you need to protect your system by encrypting it. And not just
> encrypt /home as the files you need to protect in order to protect the system
> from password tampering are NOT in /home. Debian installer has an option to
> encrypt the system quite easily, you just need time for the initial
> installation as it spends a good amount of writing random data (more or less
> acceptable duration depending on your disk speed and CPU performance). And
> re-encrypt it when needed/when algorithms get broken and new better ones
> become the new recommended standard/if your decryption passphrase is known by
> someone else/whatever.
>
> But it only makes sense if your decryption key has a long complex passphrase.
> An easily brute-forceable or guessable password for disk encryption defeats
> the very own purpose of disk encryption. It basically means if you forget the
> passphrase, you're pretty much screwed until you either remember it, or
> reinstall and reconfigure everything. So you need to have backup [1] in secure
> place.
>
> ---
> 1. But again, backups are required anyway, encrypted installs or not. Storage
> support do fail and/or get stolen. Never trust a single storage device. Or a
> "cloud" backup bullshit. Cloud being nothing else than someone else's computer
> who can do whatever they want on it, kick users whenever they please or abuse
> personal data for profit if they want to (whether they do it in a "legal" or
> semi-legal way or not doesn't matter. As they have the technical means to do
> so and users have no means to check what's going on [2]. Including when data
> is "encrypted" IF encryption and decryption happens on their systems).
> 2. It's already hard enough to know what's going on on one's own computer, let
> alone distant systems managed by someone else?
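
The passphrase rules listed at the top of this message, written out as a checker. This is an added example, not part of the original post or thread. The function names, the small word list, the four-key threshold for "keyboard walking" and the use of `string.punctuation` for "symbols" are all assumptions made for illustration.

```python
import string

# Constructed sample data: a tiny stand-in word list and QWERTY key rows.
# A real check would load a full dictionary (for example a system word list).
SAMPLE_WORDS = {"password", "liberty", "debian", "dragon", "secret"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
WALK_LEN = 4  # assumption: four or more adjacent keys count as a walk


def has_keyboard_walk(text, run=WALK_LEN):
    """True if text holds `run` adjacent keys of one row, in either direction."""
    low = text.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def contains_dictionary_word(text, words=SAMPLE_WORDS):
    """Case-insensitive substring match against the word list."""
    low = text.lower()
    return any(w in low for w in words)


def check_passphrase(p):
    """Return the list of rule violations; an empty list means every rule passed."""
    problems = []
    if len(p) < 16:
        problems.append("shorter than 16 characters")
    if not (p[:1].isalpha() and p[-1:].isalpha()):
        problems.append("must start and end with a letter")
    counts = {
        "symbols": sum(c in string.punctuation for c in p),
        "numbers": sum(c.isdigit() for c in p),
        "upper-case letters": sum(c.isupper() for c in p),
        "lower-case letters": sum(c.islower() for c in p),
    }
    for name, n in counts.items():
        if n < 2:
            problems.append(f"fewer than two {name}")
    if contains_dictionary_word(p):
        problems.append("contains a dictionary word")
    if has_keyboard_walk(p):
        problems.append("contains a keyboard walk")
    return problems
```

A candidate can satisfy every counting rule and still be rejected: `Qwerty1234!!Password` passes length and character-class checks but fails on the dictionary word and the keyboard walk.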