You are not logged in.
- Topics: Active | Unanswered
#1 2019-07-19 01:02:39
- catnap
- Member
- Registered: 2016-10-03
- Posts: 131
[SOLVED] Alternative ways to safely change password or key
I've learned that a good way to ward off brute force attacks is to keep regularly changing ones password for all the vital services in the system, like user login and the mounting of an encrypted partition. However, having done this for some years now, I have recently started to worry about the potential pitfalls of changing my password in the standard way. Usually, a password is changed by inserting the old password and then the new one twice---so as to confirm it. My concern is that the confirmatory step might not serve its intended purpose because it could be surprisingly easy to make the same typographical error two times in a succession.
Might there be a more flexible system that would allow the user to test the waters with the new password to become entirely confident with it and to only commit to it later on? Perhaps this type of scheme would create security concerns of its own, so it is just a play with ideas at this point. Alternatively, there could perhaps be some sort of a key-pair identification that would eliminate the need for a password completely.
Last edited by catnap (2019-07-24 21:05:21)
Offline
#2 2019-07-19 02:14:31
- amish
- Member
- Registered: 2014-05-10
- Posts: 470
Re: [SOLVED] Alternative ways to safely change password or key
1) Make sure noone is behind you!
2) vi /root/some.safe.random.file
root:mynewpassword3) Verify you typed it correctly (test the waters)
4) chpasswd -c SHA512 < /root/some.safe.random.file
5) rm /root/some.safe.random.file
Last edited by amish (2019-07-19 05:41:56)
Offline
#3 2019-07-19 03:28:11
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 29,525
- Website
Re: [SOLVED] Alternative ways to safely change password or key
4) echo /root/some.safe.random.file | chpasswd -c SHA512
That will not work ... at all. Perhaps you meant `cat` in place of `echo`, and while that'd work, it'd be a useless cat:
chpasswd -c SHA512 < /root/some.safe.ranom.file"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
#4 2019-07-19 05:41:34
- amish
- Member
- Registered: 2014-05-10
- Posts: 470
Re: [SOLVED] Alternative ways to safely change password or key
Oh yes you are right (edited the post)
Actually I had copy-pasted from one of my scripts which used echo "root:password" (a single user system - so echo is not insecure)
Hence the error.
Offline