gdm Create User

[Simo Sorce]

On Sun, 2007-10-07 at 11:43 -0400, Steve Grubb wrote:
> On Sunday 07 October 2007 11:33:45 Lubomir Kundrak wrote:
> > > A successful account breach requires 3 things: a machine name, a valid
> > > account, and the password. Letting people know that an account is valid
> > > cuts the attack down to a dictionary attack.
> >
> > So what about trying to hide the machine name?
> 
> Yes that is a good thing to try, but likely to be exposed. NAT's do some 
> degree of protecting this. But this is really not the point of this thread.

And I really hope you don't advocate NAT as a security feature, please!

/me hates NAT and I hope nobody will be allowed to reintroduce something
like that with IPv6

> > This is plain nonsense. Time that was spent avoiding timing `attacks' was
> > wasted. The _password_  is meant to be a key that is to be hidden, not the
> > account name. 
> 
> No, it is both. This is why face logins are bad in a secure setting.

I think this kind of reasoning make sense only when made in a vacuum. In
most cases the username is just too easy to find out anyway. Trying to
regard it as a secret to protect is just plainly voodoo security IMO, I
concur with Lubomir on this.

> > If  anything, dictionary attacks can be done against the username-password
> > pair also.
> 
> Yes that is true. But not having a valid account name doubles the complexity 
> and requires you to work even longer.

That is a function of username lenght and passord lenght: These 2 cases
show same complexity:
A) 8 char username + 8 char password
b) 16 chars password

Want to bet the odds, make the password longer (make it a passphrase)
and stop caring about the username being public or not.

Simo.

> -Steve
>