Re: Password Complexity
On Thu, Jun 29, 2000 at 11:37:15AM -0700, Sean 'Shaleh' Perry wrote:
>
> On 29-Jun-2000 Sajjad Haider wrote:
> > Hello,
> >
> > I am a graduate student who has just started working in the area of computer
> > security. A few months ago, when I used Debian OS, I remember that when you create
> > a new account and enter a password for it, the kernel warns you if it
> > categorizes the password as simple.
> > I want to learn about the procedure by which the kernel decides
> > whether a particular password string is complex or simple.
> >
>
> all chars and less than 6 characters
> a word in the dictionary is also commonly tested.
>
> In PAM there is a cracklib module which checks passwords constantly, you should
> look there as well.
Plus, it's not really the "kernel" that does this, it's the passwd program
(and whatever modules it uses). Currently in potato, pam_unix.so has some
simple sanity checks for simple passwords. They include:
  - palindromes - words that read the same backward and forwards, like busub
  - min length check
  - repetition, like "badbad"
and a few others. You can look at the source for it in libpam. As Shaleh
pointed out, cracklib has some extra strength checking, including a
password history (so ppl can't keep using the same two passwords
alternately) and dictionary matching.
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
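
The simple-password checks named in the message above (minimum length, palindrome, repetition), as an added example that is not part of the original post and is not pam_unix's own code. The 6-character minimum and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MIN_LEN 6 /* assumed threshold, not taken from pam_unix */

enum pw_verdict { PW_OK = 0, PW_TOO_SHORT, PW_PALINDROME, PW_REPETITION };

/* Reads the same backward and forward, e.g. "busub". */
static int is_palindrome(const char *s, size_t n)
{
    for (size_t i = 0; i < n / 2; i++)
        if (s[i] != s[n - 1 - i])
            return 0;
    return 1;
}

/* Whole string is one shorter unit repeated, e.g. "badbad" = "bad" twice. */
static int is_repetition(const char *s, size_t n)
{
    for (size_t unit = 1; unit <= n / 2; unit++) {
        if (n % unit != 0)
            continue;
        /* s has period `unit` iff s[0..n-unit) equals s[unit..n) */
        if (memcmp(s, s + unit, n - unit) == 0)
            return 1;
    }
    return 0;
}

/* Returns the first check the candidate password fails, or PW_OK. */
enum pw_verdict check_simple(const char *pw)
{
    size_t n = strlen(pw);
    if (n < MIN_LEN)          return PW_TOO_SHORT;
    if (is_palindrome(pw, n)) return PW_PALINDROME;
    if (is_repetition(pw, n)) return PW_REPETITION;
    return PW_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "busub", "racecar", "badbad", "tr0ub4dor" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> verdict %d\n", samples[i], check_simple(samples[i]));
    return 0;
}
```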