In my humble, no password can be considered to be "strong." Let's face it: it's either going to be written down on a piece of paper taped underneath the keyboard, or it's going to be added to the list of saved passwords in a web browser ... from whence it can be filched.
In my humble, the only plausible way to enforce security is by the use of digital certificates that are individually issued ... disallowing the use of passwords.
Think about it: when you enter any office building, you must swipe your badge. No one's sitting there saying, "say the magic word."
What's wrong with writing down a password though? If it's at home then you can leave it next to the computer unless you're encrypting your hard drives and you think a burglar will do some hacking. If it's a work password then a slip of paper in your wallet or purse can be used until you remember it properly -- if somebody steals your wallet or purse then they're hardly likely to then run to your place of work and try to log into your PC.
Sure, certificates are nice but they end up being protected by passwords ultimately since anybody stealing your token can gain access -- in the same way car thieves often break in and steal car keys to make theft easier. Certificates stored on hardware like smart cards can be a pain if you forget the also -- as a colleague of mine found out the other day.
There is no panacea, just lots of ways to make things more difficult for anybody trying to gain unauthorised access.
As to the original question I am sure that at least one of the password check sites allows the downloading of the web page for offline use but I can't seem to find it now, sorry.
Excellent. Not exactly what the OP asked for, but if you read through the info on the page, what's being said there seems to eliminate any need for an offline password strength checker.
In my humble, no password can be considered to be "strong." Let's face it: it's either going to be written down on a piece of paper taped underneath the keyboard, or it's going to be added to the list of saved passwords in a web browser ... from whence it can be filched.
In my humble, the only plausible way to enforce security is by the use of digital certificates that are individually issued ... disallowing the use of passwords.
Think about it: when you enter any office building, you must swipe your badge. No one's sitting there saying, "say the magic word."
You are correct. And no matter how secure/encrypted you make your password, someone can just beat it out of you (a la XKCD). That's why two-stage auth is far better, using something you know (a password, for example) and either something you have (keyfob, token, smartcard, etc.) or something you are (fingerprint, retinal scanner, voice recognition, etc.).
In my humble, no password can be considered to be "strong." Let's face it: it's either going to be written down on a piece of paper taped underneath the keyboard, or it's going to be added to the list of saved passwords in a web browser ... from whence it can be filched.
In my humble, the only plausible way to enforce security is by the use of digital certificates that are individually issued ... disallowing the use of passwords.
Think about it: when you enter any office building, you must swipe your badge. No one's sitting there saying, "say the magic word."
Actually, the building swipe reader is saying just that.
Anyone with a copy of the magnetic stripe on your card has the password.... Now CAC cards are not a swipe - but even they can be spoofed (I have captured the password during testing... so they aren't all that secure either).
Last edited by jpollard; 07-08-2013 at 09:59 AM.
Reason: typos