LinuxQuestions.org

Linux - Security > root password (https://www.linuxquestions.org/questions/linux-security-4/root-password-95363/)

shanenin 09-21-2003 11:34 PM

root password
 
Does the strength of my root password make a huge difference in how hard it is to break into my system? Or is it only important if people have physical access to my machine?

Are any of these open ports big risks: 22, 631, 6000?

Read_Icculus 09-22-2003 01:13 AM

Yes indeed. Let's say that an intruder gets access to your machine as a normal user through exploiting a service that runs as a user instead of root, or perhaps by logging in to your box as a user via X11 listening on port 6000. Then the next step is either finding some sort of local exploit like a buffer overflow, or trying to crack your root password. Personally I use a phrase with non-English words and an at least 16-character number as a root password. But that's just me and my paranoia. I'd recommend using the longest password that you can; 20-30 characters should do it.

As for those ports: 22 is the ssh port. This should only be open if you are using sshd on your box to permit yourself to log in over the net from other boxes. You should also make sure that you are running the patched version of ssh, as a new vulnerability was found this week. If your sshd is set up to let you log in as root, then your root password will make a very big difference in how easy it is to hack your box.

631 is the Internet Printing Protocol port. I'm not aware of any issues regarding this port, but I would check into it if I were you.

Port 6000 is the X Windows port. If it is accessible from the outside, people can attempt to log in to your box using xdm, gdm, kdm etc. They would then have a running X session on your box. This is another place where a good root password will come in handy. If you haven't configured things properly, people may be able to attempt to log in as root through this port.

Unless you are using any of these ports from outside of your home network, they should all be firewalled off, as 2 of them present potential security vulnerabilities. Also, if you do not need ssh I would uninstall it immediately, as there is no reason to run a potential point of entry for attackers.
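
The post above makes two points about sshd that are easy to get wrong in practice: whether root may log in at all, and the fact that sshd keeps the first value it reads for a keyword, so a "fix" appended to the bottom of sshd_config does nothing. The following is an added example, not code from the thread or from OpenSSH: a small auditor that parses an sshd_config the way sshd_config(5) describes (case-insensitive keywords, `#` comments, whitespace or `=` separators, first occurrence wins, `Match` blocks tracked separately) and reports the weak settings. Both sample configs are constructed for the example.

```python
"""Audit an sshd_config for the settings the post above warns about.

Added example, not code from the thread.  Parsing follows sshd_config(5):
keywords are case-insensitive, '#' starts a comment, keyword and value may
be separated by whitespace or by '=', and for each keyword the FIRST value
sshd reads is the one used, so a later 'PermitRootLogin no' does not
override an earlier 'yes'.  Directives inside a 'Match' block only apply to
matching connections and are tracked separately.
"""
import shlex


def parse_sshd_config(text):
    """Return (global_settings, match_blocks).

    global_settings maps lower-cased keyword -> first value seen.
    match_blocks is a list of (match criteria, settings dict) in file order.
    """
    global_settings = {}
    match_blocks = []
    current = global_settings
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)  # drops comments and blank lines
        if not parts:
            continue
        # Accept the 'Keyword=value' and 'Keyword = value' spellings too.
        if "=" in parts[0] and not parts[0].startswith("="):
            key, _, rest = parts[0].partition("=")
            parts = [key] + ([rest] if rest else []) + parts[1:]
        parts = [p for p in parts if p != "="]
        keyword, value = parts[0].lower(), " ".join(parts[1:])
        if keyword == "match":
            current = {}
            match_blocks.append((value, current))
            continue
        current.setdefault(keyword, value)  # first occurrence wins, as in sshd
    return global_settings, match_blocks


def audit(text):
    """Return a list of findings; an empty list means root cannot log in over
    SSH and no account accepts password authentication globally."""
    settings, matches = parse_sshd_config(text)
    findings = []
    prl = settings.get("permitrootlogin")
    if prl is None:
        findings.append("PermitRootLogin unset: the compiled-in default applies, "
                        "and that default depends on the OpenSSH version")
    elif prl.lower() == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password over the network")
    elif prl.lower() != "no":
        findings.append(f"PermitRootLogin {prl}: key-based root login is still allowed")
    # sshd's own default for PasswordAuthentication is yes.
    if settings.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication yes: every account is open to online password guessing")
    for criteria, block in matches:
        if block.get("permitrootlogin", "").lower() == "yes":
            findings.append(f"Match {criteria}: PermitRootLogin yes for connections matching this block")
    return findings


# Constructed sample configs (not taken from any real system).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no      # too late: sshd already took the first value
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication yes    # LAN-only exception, root still excluded
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no findings']}")
```

Run it against a copy of your own /etc/ssh/sshd_config to see which of the two cases you are in; `sshd -T` will show the same effective values straight from the daemon once you have a shell on the box.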

h1tman 09-22-2003 10:03 AM

When you say non-English, do you mean gibberish? 'Cause they have dictionaries for all languages, so your password could be cracked whether it's agua44 or water44.

But to strengthen it, use random characters, numbers and such, and try not to use words.

Blinker_Fluid 09-22-2003 10:34 AM

16 characters minimum? :eek: I guess if you used a date or something you could remember, you'd get 8 characters right there... One thing is you have to be able to remember the password. A Post-it note on the monitor isn't exactly secure... ;)

Probably one of the most common security practices is changing numbers for letters, like 0=o, i=1 etc. One thing I would do if you are concerned is make sure the password is long enough. I've messed around with password cracking utilities, and if it's 8 characters I could usually get it within a few days. (btw your wife's name is not secure ;))

h1tman 09-22-2003 01:45 PM

I don't know about those security practices, because they can replace 3's with e's too to crack it.

trickykid 09-22-2003 01:54 PM

My own tips on strong passwords:

1. Do not make it personalized. Don't use anything related to you, like your birthday, dog's name or address, etc.
2. Change it often. If you make users change theirs every 30 days or so on your system, change yours too. It's only good practice, and a changing password is harder to crack/figure out.
3. Use letters and numbers. Don't use common words in your passwords, and do variations of upper/lowercase, other characters besides common language letters, etc.

unSpawn 09-22-2003 02:02 PM

...both PAM modules and Solar Designer's PAM module can help enforce those rules.

druuna 09-22-2003 02:14 PM

A known 'trick' to remember those long funny-looking passwords:

T2dIdwyaD

Looks hard to remember, doesn't it?

Just the name of a movie that popped up in my mind just now:

Things to do in Denver when you are dead

Shouldn't be too hard to find out how I constructed the passwd, and it's 'easy' to remember and safe (as far as safe can be safe) :)

Medievalist 09-22-2003 03:10 PM

There are lots of mnemonic tricks for remembering passwords, I like to use poetry, for example

Myfatherwasthekeeperoftheeddystonelighthesleptwithamermaidonefinenight

is not likely to get cracked even though it doesn't contain any numbers. And it's easy for me to remember.

Annoyingly long root passwords also discourage you from logging in as root when you don't have to. ... you'll prefer to use your non-privileged account with the easier-to-type password.

gundelgauk 09-22-2003 03:17 PM

Greetings!


About that password issue...

It's really not that hard making up and remembering a password as long as you like. A good method for this is to open up your Linux reference book (or any other if you want :D) at a random page and take out a random sentence. Then take the first letter of every word of that sentence and use them as your password. If it is too short, take a different sentence. That will give you a password with only 'random' characters, but you will be able to remember it quite easily as you can remember the sentence rather than some characters.


Good bye!

Read_Icculus 09-22-2003 03:33 PM

edited - (for some reason....) So toss one of those non-English words in a mnemonic phrase and add (redacted) and you've got a pretty damn good password. At least if you change it every 30 days or so as suggested above. Of course my motto has always been "Sure I'm paranoid, but am I paranoid enough?"

Blinker_Fluid 09-22-2003 05:43 PM

Just because you're paranoid doesn't mean they aren't out to get you... ;)

AvFnx 09-25-2003 03:59 PM

How long would it take to hack a 20-character passwd?

ivanatora 09-25-2003 04:34 PM

There is another trick to make your password longer. Just take the old, short password (e.g. hotdog), then take a random letter (e.g. 'k'). Then type the random letter we took after every letter in the password. In our example the end password will be: hkoktkdkokgk. So we made it twice as long as before with minimal difficulty. I don't know how much time it would take to decrypt it, using John for example, but it will be more than before. Maybe enough to do your scheduled password change in safety ;)
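
Two things in the last few posts can be put into numbers: AvFnx's question about a 20-character password, and ivanatora's filler-letter trick. The following is an added example, not code from the thread: it measures the search space the cracker faces in each case, from two viewpoints, treating the password as random, and knowing how it was built. The SHA-256 hash is a stand-in for the crypt(3) hash in /etc/shadow, the wordlist is constructed, and the guess rate is an assumption chosen only to make the arithmetic concrete; a John the Ripper rule would do the same filler mangling against real hashes.

```python
"""Search-space arithmetic for the two questions above.

Added example, not code from the thread.  toy_hash() is a SHA-256 stand-in
for the shadow-file hash, WORDLIST is constructed, and the guess rate in
demo() is an assumption.
"""
import hashlib
import math
import string


def search_space_bits(alphabet_size, length):
    """Bits of work to exhaust every string of this length over this alphabet,
    i.e. what a cracker faces if the password really is random."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(bits, guesses_per_second):
    return 2 ** bits / guesses_per_second


def interleave(password, filler):
    """The post's trick: put the same filler letter after every character."""
    return "".join(c + filler for c in password)


def deinterleave(candidate):
    """Recognise a password built with the trick: every odd position holds the
    same letter.  Returns (base, filler) or None."""
    if len(candidate) < 2 or len(candidate) % 2:
        return None
    fillers = set(candidate[1::2])
    if len(fillers) != 1:
        return None
    return candidate[0::2], fillers.pop()


def trick_bits(wordlist_size, filler_alphabet_size=26):
    """Work for an attacker who KNOWS the trick: wordlist size times the number
    of possible fillers, not 26 ** (2 * len)."""
    return math.log2(wordlist_size) + math.log2(filler_alphabet_size)


def toy_hash(pw):
    return hashlib.sha256(pw.encode()).hexdigest()


def crack_interleaved(target_hash, wordlist, fillers=string.ascii_lowercase):
    """Dictionary attack with the trick folded in as a mangling rule.
    Returns (password, attempts), or (None, attempts) if nothing matched."""
    attempts = 0
    for word in wordlist:
        for f in fillers:
            attempts += 1
            candidate = interleave(word, f)
            if toy_hash(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


# Constructed wordlist; a real one has millions of entries.
WORDLIST = ["agua", "water", "password", "hotdog", "secret"]


def demo():
    pw = interleave("hotdog", "k")            # hkoktkdkokgk, as in the post
    naive = search_space_bits(26, len(pw))    # attacker assumes 12 random letters
    informed = trick_bits(len(WORDLIST))      # attacker knows the construction
    found, tries = crack_interleaved(toy_hash(pw), WORDLIST)
    rate = 1e9  # assumed guesses per second against a fast, unsalted hash
    print(f"{pw}: {naive:.1f} bits if treated as random, "
          f"{informed:.1f} bits with the trick known; cracked in {tries} guesses")
    for alphabet, name in ((26, "lowercase"), (62, "alphanumeric"), (95, "printable ASCII")):
        bits = search_space_bits(alphabet, 20)
        years = seconds_to_exhaust(bits, rate) / (3600 * 24 * 365)
        print(f"20 random {name}: {bits:.0f} bits, {years:.2e} years at {rate:.0e} guesses/s")
    return found, tries


if __name__ == "__main__":
    demo()
```

The two views answer the two questions. A 20-character password drawn at random from printable ASCII is around 131 bits, far beyond any guess rate; the filler trick looks like 56 bits when you count characters but is only the size of the wordlist times 26 once the cracker adds that one rule, so the doubled length buys a factor of 26, not a factor of 26 to the sixth.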

