From mboxrd@z Thu Jan 1 00:00:00 1970
From: Geoff Torres
Subject: Re: Password aging problem
Date: Fri, 28 Jun 2002 15:10:27 -0700
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <3D1CDED3.9E10F2BA@rosemail.rose.hp.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
To: James Kelty
Cc: linux-admin@vger.kernel.org

Hi,

I'm not familiar with shadow-utils, but I can tell you that "B1u3 K@t!" is not particularly sturdy from a password cracking viewpoint. The idea of using numbers to represent letters is well known and used by cracking algorithms. 1=l, 3=e, @=a, K=c, both blue and cat are dictionary words. Now I agree with you that nobody will likely guess that password, but a computer would if given access to your shadow file.

Most password checking algorithms assume that you have a publicly viewable passwd (encrypted) field. They don't care if you're using a shadow file or not.

It's really your call as to how deep you want to take password management. How important is the data or system that it is that you're trying to protect? How accessible is the box? Are your users smart enough to not use easily guessable (by a human) passwords?

It's all a balance between security of your assets and productivity of your users. From a user viewpoint, a complicated password is a pain to manage. They start writing them down or other equally stupid workarounds.

We're in a lab behind a firewall. We're just happy that the engineers even use passwords. :-)

Geoff

>
> Hello,
>
> I have a RH 7.1 box running with shadow-utils-20000826-4 version, and so far
> the prompt to change the password works, but it does not want to accept ANY
> new password. Even the real sturdy passwords like B1u3 K@t! . The system
> complains that they are too simple. Now, while I agree that simple passwords
> are NOT good, there has to be something reasonable here. How can I fix this?
>
> Thanks!
>
> -James
>
> James Kelty
> Sr. Unix Systems Administrator
> Everbase Systems, LLC
> 541.488.0801
> jamesk@everbase.net
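
Added example, not part of the original message and not shadow-utils code: a small password-quality check that reverses the substitutions listed in the reply (1=l, 3=e, @=a, K=c) before a dictionary lookup, showing how "B1u3 K@t!" reduces to two dictionary words. The wordlist, the extra substitutions and all function names are assumptions made for illustration.

```python
import itertools
import re

# Constructed sample wordlist; a real checker would load a full dictionary.
WORDLIST = {"blue", "cat", "password", "admin", "secret", "linux"}

# Character -> letters it may stand for. The first four come from the
# message (1=l, 3=e, @=a, K=c); the rest are assumed common substitutions.
SUBS = {
    "1": "li", "3": "e", "@": "a", "k": "kc",
    "0": "o", "$": "s", "5": "s", "7": "t", "4": "a",
}


def variants(token, limit=4096):
    """Yield each reading of token with the substitutions reversed."""
    choices = [SUBS.get(ch, ch) for ch in token.lower()]
    # Cap the number of combinations so long inputs cannot blow up.
    for combo in itertools.islice(itertools.product(*choices), limit):
        yield "".join(combo)


def dictionary_words(password):
    """Return (chunk, matched_word_or_None) for each chunk of the password."""
    # Spaces and punctuation that are not substitution characters only
    # separate chunks; they add nothing once the words are recognised.
    chunks = [c for c in re.split(r"[^A-Za-z0-9@$]+", password) if c]
    result = []
    for chunk in chunks:
        match = next((v for v in variants(chunk) if v in WORDLIST), None)
        result.append((chunk, match))
    return result


def is_weak(password):
    """True when every chunk is a dictionary word after de-substitution."""
    words = dictionary_words(password)
    return bool(words) and all(match is not None for _, match in words)


if __name__ == "__main__":
    for candidate in ["B1u3 K@t!", "P@$$w0rd", "x9$Qv!mT2r"]:
        print(candidate, dictionary_words(candidate), is_weak(candidate))
```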