Install Wizard 'Looks Too Complicated'

John McCabe-Dansted gmatht at gmail.com
Tue Dec 1 14:46:47 UTC 2009


On Tue, Dec 1, 2009 at 5:27 AM, James Westby <jw+debian at jameswestby.net> wrote:
>  * It's a feature of dubious value to begin with. After it had taken some
>    time doing its thing you would need to have the user type in the password
>    anyway to confirm (you can't assume, and you can't really show it to them).

Quite. "Cracking" the password is pointless. All we need to know is
whether the password matches the hash (just like Windows). So in this
case we could in principle fill the second password field with stars,
and announce a match as soon as the password the user enters matches
the hash from XP.

In fact we don't even need the user to enter the actual password until
they log in. We could add support for NT hashes to PAM and copy the NT
hash. We probably wouldn't want to copy the "LM" hash, as this is the
insecure, easily broken hash*, and if the user wipes XP we wouldn't
want copies of this to be left lying around. Allowing a mass import of
users from Windows may help if the machine has several users whose
passwords the administrator may not know (or want to know).

(*) according to:
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3783156/Use-Ophcrack-to-Defuse-Windows-Security-Timebomb.htm

> Can we please spend our time on other worthwhile features and not argue about
> whether "cracking" tools should exist for all to use or not?

Since we can get the NT hash without cracking anything, it may be
worthwhile. If we import the NT hash, detect region and mirror from
IP/traceroute, then we do not need to ask the users any questions. We
could go straight to the "Review and Install" screen that could look
like:

+--------------[Review and Install] --------------------------------
| These are the settings detected by Ubuntu. If you are familiar with
| these settings you may want to customize them. However if you do not
| understand these settings it is safe (and recommended) to leave them
| unchanged.
|
| Language: English
|
| Administrator Username: xp
| Administrator Password: ********* (Same as Windows)
| Other authorized users: john, user, guest (import from windows)
|
| Region: Perth/WA
| Mirror: ftp.iinet.net.au
| Partition Sizes:
|   Main '/' Partition: 100 GiB (%50 of remaining space)
|   Swap Size: 2 GiB
| Keyboard Type: US/International
|
|                              [Cancel]   [Install]
|
+---------------------------------------------------------------------------

The Language could be chosen at the boot menu as it is now, or
detected from Windows.
-- 
John C. McCabe-Dansted




More information about the Ubuntu-devel-discuss mailing list