ChicagoVPS Solus not letting me set a secure root password?

Shane_Elmore Member
edited May 2012 in General

Too lazy to go into the billing panel and submit a ticket.

So Solus on ChicagoVPS will not let me set a root password with symbols, however, if I try one without, which is insecure, it works. Is this a bug or does Chris just have SolusVM set up this way (probably the first one)? xD

Comments

  • Solus sucks. 'passwd' exists for a reason, use it.

  • rds100 Member

    This is a Solus thing, it has problems with long or "strange" passwords.
    Just set some temporary password, login as root in the VPS and then use the passwd command to set whatever password you want.

    Thanked by 1Liam
  • As above, it's a Solus issue. I'm surprised they still don't support secure passwords. It would have been requested from the beginning.

  • @SonicVPS said: As above, it's a Solus issue. I'm surprised they still don't support secure passwords. It would have been requested from the beginning.

    Just another Solus issue.

  • Asad Member

    Yeah, I have this issue too. Hate it.

    I just set a temporary password and change it using passwd when I first login.

  • Aldryic Member

    @Shane_Elmore said: So Solus on ChicagoVPS will not let me set a root password with symbols, however, if I try one without, which is insecure, it works.

    You have a lot to learn about what 'secure' entails.

    @Shane_Elmore said: Too lazy to go into the billing panel and submit a ticket.

    Seriously? Just like OneTwo... too lazy to do your own research, yet expect the answers nonetheless.

    Thanked by 1yomero
  • antiven Member
    edited May 2012

    @Aldryic said: @Shane_Elmore said: So Solus on ChicagoVPS will not let me set a root password with symbols, however, if I try one without, which is insecure, it works.

    You have a lot to learn about what 'secure' entails.

    -All else equal, passwords with symbols are more secure than passwords without symbols. This is obvious.-

    Never mind.

  • I think @Aldryic was referring to setting a password via SolusVM which is a security nightmare.

  • yahlero Member

    @antiven said: All else equal, passwords with symbols are more secure than passwords without symbols.

    The implication was that passwords without symbols are "insecure" (not simply less secure). You're arguing against something that wasn't said.

  • Corey Member

    @Aldryic isn't he doing research by asking someone that already knows? (LET community)

  • Aldryic Member
    edited May 2012

    @antiven said: -All else equal, passwords with symbols are more secure than passwords without symbols. This is obvious.-

    I refer to 'correcthorsebatterystaple' to disprove that notion.

    @Corey said: @Aldryic isn't he doing research by asking someone that already knows? (LET community)

    If it hadn't been for the "I'm too lazy" bit, that would've been my guess as well.

  • antiven Member
    edited May 2012

    @Aldryic said: @antiven said: -All else equal, passwords with symbols are more secure than passwords without symbols. This is obvious.-

    I refer to 'correcthorsebatterystaple' to disprove that notion.

    "All else equal" is important here. "correcthorsebatterystaple" versus "correcth*rsebatterystaple".

  • jar Patron Provider, Top Host, Veteran
  • Aldryic Member

    I did misread your allelseequal there, sir. However, I still disagree with you, due to your making your claim far too broad. "Randomized" passwords are harder for a human to guess, but it makes no difference to a machine. The only thing you've done with adding symbols is ensure that you'll have a more difficult time keeping track of your passwords, unless you have your own rigid pattern to follow.

    @jarland - maybe just a little :3

  • antiven Member
    edited May 2012

    @Aldryic said: I did misread your allelseequal there, sir. However, I still disagree with you, due to your making your claim far too broad. "Randomized" passwords are harder for a human to guess, but it makes no difference to a machine. The only thing you've done with adding symbols is ensure that you'll have a more difficult time keeping track of your passwords, unless you have your own rigid pattern to follow.

    Yes, but my example is not randomized. By adding symbols in locations that make sense to you, you make passphrases marginally more difficult to remember, but add significant entropy for a machine.

  • Aldryic Member

    @antiven said: but add significant entropy for a machine.

    No sir, not necessarily. You're making the assumption that 1) the password's characters will be latin, and 2) the password will be short.

    Ялюблюмоясобака is made up of four very common words. And yet it has higher entropy than any combination of latin symbols you choose under 14 characters long.

    There's much more involved with password security than just how random, how much entropy, how long, etc. There are plenty of factors to consider, and not every password need have the same strengths.

  • @Aldryic said: Ялюблюмоясобака is made up of four very common words.

    /me hops over to my.frantech.ca/admin

    :p

  • antiven Member

    @Aldryic said: No sir, not necessarily. You're making the assumption that 1) the password's characters will be latin, and 2) the password will be short.

    Ялюблюмоясобака is made up of four very common words. And yet it has higher entropy than any combination of latin symbols you choose under 14 characters long.

    There's much more involved with password security than just how random, how much entropy, how long, etc. There are plenty of factors to consider, and not every password need have the same strengths.

    Okay, in your example wouldn't "Ялюблюмоясобака" have less entropy than "Ялюблюмояс*бака", since you're increasing the possible character space?

  • Jacob Member

    Oh Jeez, it's that boxxy girl.
    I saw her videos a while ago. She never stops moving/twitching. What is wrong with her?

    Thanked by 1jar
  • Aldryic Member

    @antiven said: Okay, in your example wouldn't "Ялюблюмоясобака" have less entropy than "Ялюблюмояс*бака", since you're increasing the possible character space?

    Nosir. The cyrillic 'o' and the asterisk have the same entropy. All you've done there is make the password harder for you to remember.

    If that were latin characters, then you'd be correct, as latin alphanumeric are less entropic than ascii charsets. But not everyone uses english/latin for their passwords :P

  • @Jacob said: Oh Jeez, It's that boxxy girl.

    Lol I haven't heard from her in years. Anyone know what happened to her?

  • antiven Member
    edited May 2012

    @Aldryic said: Nosir. The cyrillic 'o' and the asterisk have the same entropy. All you've done there is make the password harder for you to remember.

    If that were latin characters, then you'd be correct, as latin alphanumeric are less entropic than ascii charsets. But not everyone uses english/latin for their passwords :P

    So from the POV of an attacker, if I was creating a script that tried to bruteforce your passwords, wouldn't it take longer to bruteforce if my script had to test all cyrillic characters + latin symbols, vs. just cyrillic characters? There would be (no. of possible cyrillic characters + no. of possible symbols) per character vs. just (no. of possible cyrillic characters). I might be missing something very obvious here...

    @gsrdgrdghd said: Lol i haven't heard from her in years. Anyone knows what happened to her?

    Nothing. She uploaded a video 3 months ago.
    http://www.youtube.com/user/boxxybabee

  • Dilt Member
    edited May 2012

    @antiven But suppose the system allowed all symbols/latin characters/etc. When should you stop testing latin-only character passwords? 13 characters? 20? When should you start mixing in numbers? Or start going for Russian passwords without symbols? Entropy is a hard game to beat.

  • Aldryic Member

    @antiven said: So from the POV of an attacker, if I was creating a script that tried to bruteforce your passwords, wouldn't it take longer to bruteforce if my script had to test all cyrillic characters + latin symbols, vs. just cyrillic characters?

    Except you wouldn't write such a script, since you didn't think of cyrillic passwords to begin with :P (none of my passwords are pure cyrillic, btw).

    You also have to take into account that nobody -would- write a cyrillic only script, as cyrillic still uses latin/arabic numbers. So excluding those means a bruteforce tool that would have a very high failure rate.

  • antiven Member

    Hey that's not fair... It's an "all else equal" comparison.

  • CVPS_Chris Member, Patron Provider

    Why does our name have to be mentioned in this? It's irrelevant since we can do nothing about it and is now getting attention for no reason haha :(

  • miTgiB Member

    @CVPS_Chris said: now getting attention for no reason

    Bask in it brother

  • joepie91 Member, Patron Provider

    The problem with 'correct horse battery staple' is that, assuming an attacker knows you use that password format, each word is really only worth one 'character', with a 'character set' the size of a dictionary.

    Thanked by 1yomero
  • Asad Member

    @Dilt It's kinda creepy the way you randomly appear in a thread out of nowhere ...

    Thanked by 1Dilt
  • Aldryic Member

    @joepie91 said: The problem with 'correct horse battery staple' is that, assuming an attacker knows you use that password format, each word is really only worth one 'character', with a 'character set' the size of a dictionary.

    Very much correct, sir. That's why you don't tell folks your password strategies, let alone examples :3
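
Added example, not part of the thread or any poster's code: the two search-space models the discussion contrasts, applied to the passwords quoted above. The per-character model charges length × log2(pool) for every character class present; the per-word model is the one joepie91 describes, where the attacker knows the passphrase format. The pool sizes and the 2048-word list size are assumptions chosen for illustration.

```python
import math
import unicodedata

# Assumed pool sizes per character class (illustrative, not from the thread).
POOLS = {
    "latin_lower": 26, "latin_upper": 26, "digit": 10,
    "ascii_symbol": 33,                          # ASCII punctuation + space
    "cyrillic_lower": 33, "cyrillic_upper": 33,  # Russian alphabet
}

def char_class(ch):
    """Map one character to the pool a brute-force search must include."""
    if ch.isascii():
        if ch.islower():
            return "latin_lower"
        if ch.isupper():
            return "latin_upper"
        if ch.isdigit():
            return "digit"
        return "ascii_symbol"
    if unicodedata.name(ch, "").startswith("CYRILLIC"):
        return "cyrillic_upper" if ch.isupper() else "cyrillic_lower"
    raise ValueError(f"no pool defined for {ch!r}")

def pool_size(password):
    """Total alphabet size: sum of the pools of every class that appears."""
    return sum(POOLS[c] for c in {char_class(ch) for ch in password})

def brute_force_bits(password):
    """Per-character model: the attacker enumerates pool ** length strings."""
    return len(password) * math.log2(pool_size(password))

def passphrase_bits(n_words, wordlist_size):
    """Per-word model: the attacker knows the format and the word list."""
    return n_words * math.log2(wordlist_size)

if __name__ == "__main__":
    samples = (
        "correcthorsebatterystaple",
        "correcth*rsebatterystaple",
        "Ялюблюмоясобака",
        "Ялюблюмояс*бака",
    )
    for pw in samples:
        print(f"{pw}: pool={pool_size(pw)}, {brute_force_bits(pw):.1f} bits")
    # Assumed: four words drawn at random from a 2048-word list.
    print(f"4 words, 2048-word list: {passphrase_bits(4, 2048):.1f} bits")
```

The per-character figures are upper bounds that hold only if every character was chosen uniformly at random; the per-word figure is the one that applies when the words, not the letters, were the random choice.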
