From: "David Jackson" <david.jay.jackson@wcox.com>
To: James Kelty <jamesk@ashlandagency.com>,
Geoff Torres <geoff@rosemail.rose.hp.com>
Cc: linux-admin@vger.kernel.org
Subject: Re: Password aging problem
Date: Fri, 28 Jun 2002 16:15:47 -0600 [thread overview]
Message-ID: <200206281615.AA1534394626@wcox.com> (raw)
The is a number of password generations programs on http://freshmeat.net,
One I tinkered with is passwdgen.
The problem with really good password, you cann't remember them :)
I've worked at a few sites where secrure tokens were used, at least
for the root accounts.
David
---------- Original Message ----------------------------------
From: Geoff Torres <geoff@rosemail.rose.hp.com>
Date: Fri, 28 Jun 2002 15:10:27 -0700
>Hi,
>
>I'm not familiar with shadow-utils, but I can tell you that "B1u3 K@t!"
>is not particularly sturdy from a password cracking viewpoint. The idea
>of using numbers to represent letters is well known and used by cracking
>algorithms.
>1=l, 3=e, @=a, K=c, both blue and cat are dictionary words.
>
>Now I agree with you that nobody will likely guess that password, but a
>computer would if given access to your shadow file.
>
>Most password checking algorithms assume that you have a publicly
>viewable passwd (encrypted) field. They don't care if you're using a
>shadow file or not.
>
>It's really your call as to how deep you want to take password
>management. How important is the data or system that it is that you're
>trying to protect? How accessible is the box? Are your users smart
>enough to not use easily guessable (by a human) passwords? It's all a
>balance between security of your assets and productivity of your users.
>>From a user viewpoint, a complicated password is a pain to manage. They
>start writing them down or other equally stupid work-a-rounds.
>
>We're in a lab behind a firewall. We're just happy that the engineers
>even use passwords. :-)
>
>Geoff
>
>>
>> Hello,
>>
>> I have a RH 7.1 box running with shadow-utils-20000826-4 version, and so far
>> the prompt to change the password works, but it does not want to accept ANY
>> new password. Even the real sturdy passwords like B1u3 K@t! . The system
>> complians that they are too simple. Now, while I agree that simple passwords
>> are NOT good, there has to be something reasonable here. How can I fix this?
>>
>> Thanks!
>>
>> -James
>>
>> James Kelty
>> Sr. Unix Systems Administrator
>> Everbase Systems, LLC
>> 541.488.0801
>> jamesk@everbase.net
>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>-
>To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next reply other threads:[~2002-06-28 22:15 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-28 22:15 David Jackson [this message]
-- strict thread matches above, loose matches on Subject: below --
2002-06-28 21:46 Password aging problem James Kelty
2002-06-28 22:10 ` Geoff Torres
2002-06-28 22:59 ` James Kelty
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200206281615.AA1534394626@wcox.com \
--to=david.jay.jackson@wcox.com \
--cc=geoff@rosemail.rose.hp.com \
--cc=jamesk@ashlandagency.com \
--cc=linux-admin@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).