From: "David Jackson" <david.jay.jackson@wcox.com>
To: James Kelty <jamesk@ashlandagency.com>,
	Geoff Torres <geoff@rosemail.rose.hp.com>
Cc: linux-admin@vger.kernel.org
Subject: Re: Password aging problem
Date: Fri, 28 Jun 2002 16:15:47 -0600
Message-ID: <200206281615.AA1534394626@wcox.com>

There are a number of password generation programs on http://freshmeat.net.
One I tinkered with is passwdgen.

The problem with really good passwords: you can't remember them :)

I've worked at a few sites where secure tokens were used, at least
for the root accounts.

David


---------- Original Message ----------------------------------
From: Geoff Torres <geoff@rosemail.rose.hp.com>
Date: 	Fri, 28 Jun 2002 15:10:27 -0700

>Hi,
>
>I'm not familiar with shadow-utils, but I can tell you that "B1u3 K@t!"
>is not particularly sturdy from a password cracking viewpoint.  The idea
>of using numbers to represent letters is well known and used by cracking
>algorithms.
>1=l, 3=e, @=a, K=c, both blue and cat are dictionary words.
>
>Now I agree with you that nobody will likely guess that password, but a
>computer would if given access to your shadow file.  
>
>Most password checking algorithms assume that you have a publicly
>viewable passwd (encrypted) field.  They don't care if you're using a
>shadow file or not.
>
>It's really your call as to how deep you want to take password
>management.  How important is the data or system that it is that you're
>trying to protect?  How accessible is the box?  Are your users smart
>enough to not use easily guessable (by a human) passwords?  It's all a
>balance between security of your assets and productivity of your users. 
>From a user viewpoint, a complicated password is a pain to manage.  They
>start writing them down or other equally stupid workarounds.
>
>We're in a lab behind a firewall.  We're just happy that the engineers
>even use passwords.  :-)
>
>Geoff
>
>> 
>> Hello,
>> 
>> I have a RH 7.1 box running with shadow-utils-20000826-4 version, and so far
>> the prompt to change the password works, but it does not want to accept ANY
>> new password. Even the real sturdy passwords like B1u3 K@t! . The system
>> complains that they are too simple. Now, while I agree that simple passwords
>> are NOT good, there has to be something reasonable here. How can I fix this?
>> 
>> Thanks!
>> 
>> -James
>> 
>> James Kelty
>> Sr. Unix Systems Administrator
>> Everbase Systems, LLC
>> 541.488.0801
>> jamesk@everbase.net
>> 
>
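
The check Geoff describes, as an added example that is not part of any message in this thread or of shadow-utils: undo the substitutions he lists (1=l, 3=e, @=a, K=c) and look each token of the password up in a word list. The word list, the extra 0=o and $=s mappings, and all function names are assumptions made for this example.

```python
import itertools

# Substitutions named in the thread: 1=l, 3=e, @=a, K=c.
# "k" maps to both "k" and "c" because it may be literal or stand in for "c".
# The 0=o and $=s entries are additions for this example (assumption).
SUBSTITUTIONS = {"1": "l", "3": "e", "@": "a", "k": "kc", "0": "o", "$": "s"}

# Constructed stand-in for a real dictionary such as /usr/share/dict/words.
SAMPLE_WORDS = {"blue", "cat", "kite", "password", "secret"}


def hidden_words(token, words=SAMPLE_WORDS, limit=256):
    """Return the dictionary words one password token can be read as."""
    # Lowercase, then drop punctuation that is not a known substitute ("!").
    token = "".join(
        ch for ch in token.lower() if ch.isalnum() or ch in SUBSTITUTIONS
    )
    # Each character contributes one or more possible plain letters.
    choices = [SUBSTITUTIONS.get(ch, ch) for ch in token]
    # Cap the number of spellings so a token full of "k" cannot blow up.
    spellings = itertools.islice(itertools.product(*choices), limit)
    return sorted({"".join(s) for s in spellings} & set(words))


def audit(password, words=SAMPLE_WORDS):
    """Map each whitespace-separated token to the words found in it."""
    return {tok: hidden_words(tok, words) for tok in password.split()}


def too_simple(password, words=SAMPLE_WORDS):
    """True when every token of the password reduces to a dictionary word."""
    findings = audit(password, words)
    return bool(findings) and all(findings.values())


if __name__ == "__main__":
    for pw in ("B1u3 K@t!", "P@$$w0rd", "qzv7-Rmp2 xw"):
        print(f"{pw!r}: {audit(pw)} too_simple={too_simple(pw)}")
```
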
