[security flaw] Ubuntu is a plain text offender

Kent Borg kentborg at borg.org
Tue May 24 19:29:38 UTC 2011


I wrote:
> Does 0x614d2079687420656f666372206565627720746920686f792175000a seem 
> like a good enough password? How much entropy is in it?
>
> Does 0x87972a55700e1080bf1c9b5e1cf45a01940553f919607a5d5aafae59 seem 
> like a good enough password? How much entropy is in it?
>
> One is a damn good password, one is truly terrible (if you are up 
> against a motivated and funded foe).

That is, as encryption keys where an attacker can do lots of decryption 
attempts at once, the first one is a bad passphrase if you have a 
powerful foe. As a traditional ssh password, it is much better if way 
cumbersome. It depends greatly on what a passphrase or password is used for.



-kb
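
The following is an added example, not part of the original post: a defender-side check that flags a hex-formatted key whose bytes are really typed text, run over the two values quoted above. The function names and the 0.9 threshold are assumptions made for this illustration.

```python
import string

# The two values quoted in the post.
KEY_A = "0x614d2079687420656f666372206565627720746920686f792175000a"
KEY_B = "0x87972a55700e1080bf1c9b5e1cf45a01940553f919607a5d5aafae59"

# Bytes that occur in typed text; NUL is included because C strings end in one.
TEXT_BYTES = set(string.printable.encode("ascii")) | {0}


def printable_fraction(raw: bytes) -> float:
    """Share of the bytes that are ordinary text characters."""
    return sum(b in TEXT_BYTES for b in raw) / len(raw) if raw else 0.0


def swap_pairs(raw: bytes) -> bytes:
    """Undo a 16-bit byte swap; odd-length input is returned unchanged."""
    if len(raw) % 2:
        return raw
    out = bytearray(raw)
    out[0::2], out[1::2] = raw[1::2], raw[0::2]
    return bytes(out)


def assess(hex_key: str, threshold: float = 0.9) -> dict:
    """Report the size of a hex key and whether it decodes to text."""
    digits = hex_key[2:] if hex_key.lower().startswith("0x") else hex_key
    raw = bytes.fromhex(digits)
    text_like = printable_fraction(raw) >= threshold  # assumed cut-off
    candidates = []
    if text_like:
        # Show both byte orders so a reviewer can see what was typed.
        for view in (raw, swap_pairs(raw)):
            candidates.append(view.decode("ascii", "replace").strip("\x00\n"))
    return {
        "bytes": len(raw),
        # 8 bits per byte is only reached if every byte is uniformly random.
        "upper_bound_bits": 8 * len(raw),
        "text_like": text_like,
        "candidates": candidates,
    }


if __name__ == "__main__":
    for key in (KEY_A, KEY_B):
        print(assess(key))
```

Both values are 28 bytes long, so length alone says nothing; only the second can be anywhere near the 224-bit upper bound.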