trinity-users@lists.pearsoncomputing.net

Message: previous - next
Month: December 2018

Re: Login into accounts with german umlaut - also password security

From: William Morder <doctor_contendo@...>
Date: Mon, 3 Dec 2018 12:47:52 -0800

On Monday 03 December 2018 09:12:48 Thierry de Coulon wrote:
> On Monday 03 December 2018 16.18:37 Michele Calgaro wrote:
> > The problem with login when the password has special characters (accents,
> > umlaut....) has not been fixed in R14.0.6-dev and R14.1.0-dev.
> > https://bugs.pearsoncomputing.net/show_bug.cgi?id=2961
>
> I have made a rule to *not* use accents, special characters or spaces in
> *nix (passwords, filenames and so). Once you've got used to this life is
> easier (I do use @ in password though).
>
> This sort of things also brings problems when you copy between different
> OSes.
>
> Thierry
>

N.B. Just so I don't hijack this thread, I have changed the heading a little. 
If readers have quality complaints, please direct them to the usual places. 

I gave up on accents, special characters, etc., a long time ago, for 
filenames, etc., in *nix systems. As the spelling of my surname, in some 
German instances, contains an umlaut (long since lost), and as there are some 
who may want to preserve such items, I avoided comment. However, the trouble 
it causes in *nix systems, or in transferring files among different systems, 
is not worth it. 

For passwords, however, (and NOT login names), I totally disagree. All those 
quirky characters help to protect your security from script kiddies with 
password crackers. The difference between brute-force cracking a passwords 
of, say, 10 characters, varies between something like 2 hours and 20 million 
years, when the only difference is using all those "extra characters". 

I read all this somewhere, and don't have any direct practical experience of 
password cracking; except once, about 20 years ago now, when my own password 
got cracked - after which, I set myself to learn Linux and make for myself a 
more secure system. So don't try to pin my down on my authority for this 
statement; but if I must, I will look up some references on password security 
just to prove my point that I am an insufferable pedant. 

Most *nix systems, so far as I know, don't have problems with "extra 
characters" for passwords (but I haven't tried umlauts). I did note that 
Q4OS, though, would not allow me to use extra characters on its first 
installation; I never got farther than that, and looked for something else, 
and hope that this isn't a sign of things to come (i.e., less secure 
passwords). 

Bill

powered by ezmlm-www (v1.4.5)