Re: Password Security Policy Question
On Fri, Sep 13, 2002 at 02:12:23AM +0100, Nick Lamb wrote:
> Sure enough I can't change my password to 'guess' or 'password' or
> '01234567' using either the GUI or the passwd program. It's not as
> friendly as Mozilla's "password goodness meter" but it will suffice.

Have you tried another string of 8 digits, more random-looking (but
obviously still very weak as all numeric-only passwords are)? That
used to bypass CrackLib alone (and John the Ripper has enjoyed cracking
many such passwords that have passed CrackLib checks); I don't know if
pam_cracklib has additional checks against that.

> Apparently there are moves afoot to replace or augment Cracklib with
> Solar Designer's pam_passwdqc in some future version of Red Hat Linux.

I haven't heard of that for Red Hat Linux in particular.

pam_passwdqc is currently used on several other Linux distributions
and it has recently been integrated into FreeBSD-current.

pam_passwdqc is a simple password strength checking module for
PAM-aware password changing programs, such as passwd(1). In addition
to checking regular passwords, it offers support for passphrases and
can provide randomly generated passwords. All features are optional
and can be (re-)configured without rebuilding.

Currently supported are Linux (Linux-PAM), FreeBSD-current (OpenPAM),
Solaris, and HP-UX 11+.
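
The gap described in the message above, shown as an added example that is not part of the original post and is not CrackLib or pam_passwdqc code: a dictionary-and-sequence check accepts a random-looking 8-digit string, while a check that also bounds the search space by character classes rejects it. The word list, the function names and the 40-bit threshold are constructed for illustration.

```python
import math
import string

# Constructed word list standing in for a cracking dictionary (assumption).
WORDLIST = {"guess", "password", "letmein", "qwerty"}

def is_sequence(pw):
    """True if every character steps by +1, or every one by -1 (e.g. '01234567')."""
    if len(pw) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def dictionary_check(pw):
    """Hypothetical dictionary-style check: reject listed words and simple sequences."""
    return pw.lower() not in WORDLIST and not is_sequence(pw)

def alphabet_size(pw):
    """Size of the smallest set of standard character classes covering pw."""
    size = 0
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += 33  # printable ASCII punctuation plus space
    return size

def search_space_bits(pw):
    """Upper bound on guessing effort: log2(alphabet ** length).
    Real passwords are rarely uniform, so the true strength is usually lower."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(alphabet_size(pw))

def class_aware_check(pw, min_bits=40.0):
    """Dictionary check plus a minimum search-space bound (threshold is an assumption)."""
    return dictionary_check(pw) and search_space_bits(pw) >= min_bits

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("guess", "01234567", "70351948", "t7#Rk2pv"):
        print(f"{pw!r:12} dictionary={dictionary_check(pw)!s:5} "
              f"class-aware={class_aware_check(pw)!s:5} "
              f"bits<={search_space_bits(pw):.1f}")
```

Any 8-digit password sits in a space of 10^8 candidates (about 26.6 bits) regardless of how random the digits look, which is why the class-aware check rejects it even though no dictionary entry matches.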