Install Wizard 'Looks Too Complicated'

John Moser john.r.moser at gmail.com
Mon Nov 30 18:47:34 UTC 2009


On Mon, Nov 30, 2009 at 12:55 PM, Matt Wheeler <m at funkyhat.org> wrote:
> 2009/11/30 Jan Claeys <lists at janc.be>:
>> On Sunday 29-11-2009 at 00:47 [timezone +0800], John McCabe-Dansted
>> wrote:
>>> There are also algorithms for extracting the password from XP as
>>> well...
>>
>> XP passwords are compared to hashes, and you can't extract the password
>> from a hash.
>
> There are brute-force password cracking methods, but including
> something like that as part of the Ubuntu installation would be a bad
> idea for several reasons.
>

List some not-silly reasons.  "Because people could use it for
theoretical/practicable attacks" is not a reason, because 1) you could
decline to reveal the password (but allow verification); and 2) there
are other tools for this that are just as accessible.

I guess I can give a longer example here, but I'd rather not get into
the specifics of this discussion:

In the state of the art, I can pop in a BackTrack CD, fix 1 line in
Kismet's config (is this automatic now?  It could be), run one
command, and drop keys for all the WEP networks around me.  There are
tools included that find "hidden" SSIDs and you can even find MAC
addresses in use to get around all the maze-like non-security.

I have made the argument that Ubuntu could contain a version of
Network-Manager (I prefer by default, but it could be an additional
package) that automatically does all the hidden SSID detection in the
background, and does some monitoring and WEP cracking, marking off
"Secured, broken" networks.

This usually brings up arguments that this is somehow "bad," but
doesn't explain exactly how it's bad.  It doesn't decrease security,
because well... if you want to "steal internet," you're a mostly
harmless leech; if you want to do something serious, you're going to
have the skills anyway.  I figure it would probably make it extremely
visible to the owners of 6 (of 7) WiFi networks reachable from my
apartment that their @*#$ is not secure when it becomes common
knowledge that most of that stuff is flat-out ignored and
automatically bypassed by some operating systems.

Cost-benefit arguments aside, it seems that the above extreme case
doesn't actually de-securify anything (it is, however, a good way to
make fun of hilariously bad security devices that actually got
released to market).  A quick and painless password cracking mechanism
(background, started as soon as the CD can see a partition with a SAM,
and time-restricted) doesn't seem like an issue to me.

Of course, I'm a very coarse person and have no desire to play nice.
Sure, I definitely advocate NOT flashing the cracked passwords in
people's faces, and keeping them in secured RAM (i.e. XOR'd with a
canary, in locked memory, until needed; or better, hash them out for
storage in shadow and clear the originals out of RAM).  But I see no
reason to care about the difference between "we could easily crack
these passwords" and "we have cracked these passwords," unless you're
uploading the passwords (hashed?) to Canonical for further use.

> --
> Matt Wheeler
> m at funkyHat.org
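The in-memory handling sketched in the message above (a recovered value kept XOR'd with a random canary in locked memory, verifiable without being revealed, and wiped when done), as an added C example that is not code from the original post or from Ubuntu or Network-Manager. The `secret_t` type, `wipe`, and reading the mask from /dev/urandom are this example's own choices; the hash-into-shadow variant the message also mentions is not shown.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical secret holder: only the XOR-masked form is kept, in memory
 * locked against swapping; the mask is a one-time random "canary". */
typedef struct {
    unsigned char *masked; /* plaintext XOR mask, mlock()ed */
    unsigned char *mask;   /* random one-time mask, same length */
    size_t len;
} secret_t;

/* Zeroing the optimizer is not allowed to elide. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Store the plaintext masked; the caller wipes its own copy afterwards. */
int secret_store(secret_t *s, const unsigned char *plain, size_t len) {
    memset(s, 0, sizeof *s);
    s->masked = malloc(len); s->mask = malloc(len);
    FILE *rnd = fopen("/dev/urandom", "rb");
    if (!s->masked || !s->mask || !rnd) { if (rnd) fclose(rnd); return -1; }
    size_t got = fread(s->mask, 1, len, rnd); fclose(rnd);
    if (got != len) return -1;
    mlock(s->masked, len); /* best effort: refused under a small RLIMIT_MEMLOCK */
    for (size_t i = 0; i < len; i++) s->masked[i] = plain[i] ^ s->mask[i];
    s->len = len;
    return 0;
}

/* Verify a candidate in constant time without ever unmasking the plaintext. */
int secret_verify(const secret_t *s, const unsigned char *cand, size_t len) {
    unsigned char diff = 0;
    if (len != s->len) return 0;
    for (size_t i = 0; i < len; i++) diff |= cand[i] ^ s->mask[i] ^ s->masked[i];
    return diff == 0;
}

void secret_reveal(const secret_t *s, unsigned char *out) { /* unmask only when needed */
    for (size_t i = 0; i < s->len; i++) out[i] = s->masked[i] ^ s->mask[i];
}

void secret_destroy(secret_t *s) { /* wipe both halves before freeing */
    wipe(s->masked, s->len); munlock(s->masked, s->len); free(s->masked);
    wipe(s->mask, s->len);   free(s->mask);
    memset(s, 0, sizeof *s);
}
```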