From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1O8hc5-0006K8-4j for garchives@archives.gentoo.org; Sun, 02 May 2010 22:26:14 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8160DE064B; Sun, 2 May 2010 22:26:09 +0000 (UTC) Received: from s15216962.onlinehome-server.info (forum.psychotherapie.org [217.160.22.205]) by pigeon.gentoo.org (Postfix) with ESMTP id 46B96E02DF for ; Sun, 2 May 2010 22:25:57 +0000 (UTC) Received: (from uucp@localhost) by s15216962.onlinehome-server.info (8.13.3/8.13.3) with UUCP id o42MPvgt021713 for gentoo-dev@lists.gentoo.org; Mon, 3 May 2010 00:25:57 +0200 Received: (from weigelt@localhost) by nibiru.metux.de (8.12.10/8.12.10) id o42M6Okb021243 for gentoo-dev@lists.gentoo.org; Mon, 3 May 2010 00:06:24 +0200 Date: Mon, 3 May 2010 00:06:11 +0200 From: Enrico Weigelt To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] A policy to support random superuser account names Message-ID: <20100502220611.GC29226@nibiru.local> References: <20100430200726.298ae94c@pomiot.lan> <4BDD968E.7050309@gentoo.org> <4BDD98E1.7080601@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4BDD98E1.7080601@gentoo.org> User-Agent: Mutt/1.4.1i X-Terror: bin laden, kill bush, Briefbombe, Massenvernichtung, KZ, X-Nazi: Weisse Rasse, Hitlers Wiederauferstehung, 42, X-Antichrist: weg mit schaeuble, ausrotten, heiliger krieg, al quaida, X-Killer: 23, endloesung, Weltuntergang, X-Doof: wer das liest ist doof X-Archives-Salt: 495d6dd6-46f7-4c4a-9469-69a9697efa9a X-Archives-Hash: fd5585332436e2a29ebdddd287a78daa * Krzysztof Pawlik schrieb: > Interesting... to me that's not only stupid but also kinda useless - there's no > difference between brute-forcing a password for user named 'foo' or 'root' - > user name doesn't matter much. Actually according to my ssh logs attackers > usually don't even try root, they try other user account names way more often. ACK. And if you're really frightened of someone cracking the user "root"'s password/key, you simply could lock that account and add another superuser. Keep in mind, these BSI guys are beaurocrats, not hackers. If they were hackers, they'd prefer source distros over binary ones to add more randomness to the overall installed machine code ... cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service - http://www.metux.de/ --------------------------------------------------------------------- Please visit the OpenSource QM Taskforce: http://wiki.metux.de/public/OpenSource_QM_Taskforce Patches / Fixes for a lot dozens of packages in dozens of versions: http://patches.metux.de/ ---------------------------------------------------------------------