Re: off topic: password strategy as an ISP
We use the following strategy:
1) Generate a list of passwords with pwgen
2) On a SP2 supercomputer, try to crack them (after feeding them
through crypt).
3) Those who can't be cracked go into a safe, to be allocated when
users sign up.
The company I work for was very badly hacked (rm -fR *), which is how
I got my job (as a repairman!). They are now somewhat paranoid!
Just as a "Debian is cool" story:
When they lost all their servers they were running Slackware 2
(shudders!). I refused to rebuild the system with Slackware so they
said, "OK, use Redhat". I installed Redhat (2 I think) and managed to
crack it within a week.
So I put Debian 1.2.4 on (I'd been using Debian in a research
environment for some time), and since then I've seen a few attempts in
the logs, but as far as I know no-one has got in who shouldn't!
I'm not so naive as to believe that Debian is 100% secure (that's
impossible I reckon), but it seems to cope OK for a smallish ISP. I
find some interesting things in the logs, like 500 consecutive
attempts to telnet from the one source, but as we've disabled shell
access for dial-in clients it'll just give them motd if they do get in
that way!
On the subject of pwgen though, there is a definite pattern to the
passwords it generates. This does concern me a bit.
John Foster
> As you can see, this message is very offtopic, but still somewhat Debian
> related.
>
> I am curious how folks who use Debian in a "production" environment deal
> with allocating passwords.
>
> Do you use the pwgen package and let users worry about it from there, or
> do you let them choose within the confines of what passwd allows?
> I can see a lot of..."no, you can't have anything that appears in the
> dictionary, no thats too short, you need a capital or a number in it.."
> or..."ok, to change your password you have to telnet in...ok, telnet
> is...then type passwd..."
>
> It is interesting. I've had ISPs who use BSD, Slackware Linux, and NT.
> The BSD ISP gave me a rather cryptic looking password.
> I had my choice with the Slackware ISP. (Debian would not have accepted my
> password...too simple)
> Likewise, the NT ISP, allowed me to choose a rather simple password.
> Even though hard to remember at first, the password I had with BSD was
> likely the most secure.
>
> TIA for sharing your strategies.
>
> Rich M
> richm@rogers.wave.ca
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
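The three-step strategy above (generate with pwgen, push through crypt, try to crack, keep only the survivors) and the worry about pwgen's pattern are easy to reproduce on a single box. What follows is an added example, not the poster's scripts or anything from the pwgen package: it is a small Python implementation of that pipeline. Assumptions: crypt(3) is replaced by a salted SHA-256 from hashlib (the filter logic is the point, not the hash), the "SP2 supercomputer" is a dictionary attack with a handful of mangling rules, the consonant/vowel alternation is a simplified model of early pwgen output, and the wordlist and candidate passwords are constructed inline.

```python
"""Generate, hash, attempt to crack, keep the survivors (added example).

Assumptions (not from the original post):
  - hashlib salted SHA-256 stands in for crypt(3)'s DES hash
  - the cracker is a dictionary attack with a few mangling rules
  - the pronounceable generator is a simplified model of pwgen's
    consonant/vowel alternation, to show why the pattern costs entropy
"""
import hashlib
import math
import secrets
import string

CONSONANTS = "bcdfghjklmnprstvwxz"
VOWELS = "aeiou"


def pwgen_like(length=8, rng=secrets):
    """Pronounceable password: strict consonant/vowel alternation.

    This is the 'definite pattern' the post worries about: every even
    position is drawn from 19 letters, every odd one from only 5.
    """
    return "".join(
        rng.choice(CONSONANTS if i % 2 == 0 else VOWELS) for i in range(length)
    )


def pattern_entropy_bits(length=8):
    """Bits of entropy in a consonant/vowel alternation of this length."""
    return sum(
        math.log2(len(CONSONANTS) if i % 2 == 0 else len(VOWELS))
        for i in range(length)
    )


def random_entropy_bits(length=8, alphabet=string.ascii_lowercase + string.digits):
    """Bits of entropy in a uniformly random string over `alphabet`."""
    return length * math.log2(len(alphabet))


def hash_password(password, salt):
    """Stand-in for crypt(3): salted SHA-256 (assumption, not DES crypt)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def mangle(word):
    """Cheap cracker rules: case variants, digit suffix, leetspeak."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for digit in range(10):
        yield f"{word}{digit}"
    yield word.translate(str.maketrans("aeio", "4310"))


def crack(hashed, salt, wordlist):
    """Dictionary attack: return the plaintext if any rule hits, else None."""
    for word in wordlist:
        for candidate in mangle(word):
            if hash_password(candidate, salt) == hashed:
                return candidate
    return None


def filter_survivors(candidates, wordlist, salt):
    """Steps 2 and 3: hash each candidate, try to crack it, keep the rest.

    Returns (survivors, cracked) where cracked maps password -> the
    guess that recovered it, so you can see which rule defeated it.
    """
    survivors, cracked = [], {}
    for password in candidates:
        hit = crack(hash_password(password, salt), salt, wordlist)
        if hit is None:
            survivors.append(password)
        else:
            cracked[password] = hit
    return survivors, cracked


if __name__ == "__main__":
    # Constructed sample data: a tiny wordlist and a mixed batch of candidates.
    wordlist = ["secret", "debian", "tiger"]
    batch = ["secret1", "Debian", "t1g3r", pwgen_like()]
    keep, lost = filter_survivors(batch, wordlist, b"ab")
    print("kept:", keep)
    print("cracked:", lost)
    print(f"pwgen-style 8 chars: {pattern_entropy_bits(8):.1f} bits, "
          f"random [a-z0-9] 8 chars: {random_entropy_bits(8):.1f} bits")
```

The entropy figures are the practical answer to the pattern concern: an 8-character strict consonant/vowel alternation carries roughly 26 bits, against about 41 bits for 8 uniformly random lowercase letters and digits, so a cracker that knows the generator's shape has a search space some 30,000 times smaller. Surviving a dictionary run filters out the obviously bad ones but does not add back the entropy the pattern removed.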