
Re: insecure passwords...




>I read the passwd man page and looked through the faq, but I didn't see any
>mention of how to validate new passwords through crack or some such
>program.  I would like to force new (and old) users to create passwords
>that are not so easy to guess.  Does anybody have a clue as to how to do
>this or even if it is worth the effort?  I know that there are other
>ways to get passwords, like sniffing the network on the pop port (which
>I'm replacing with imap+SSL), but it's a start.  Thanks.

     OpenBSD doesn't automagically validate passwords through crack.
There are various packages available out there to do something like
this.  Actually feeding it to crack in these cases is a waste of
cycles, since you know the password and should know what crack would
look it up against; you don't need to take the hit for the encryption
overhead. There are a variety of passwd replacement programs out there
to try to do that for you. You normally shouldn't do this unless
you're sure of what you are doing. I've in the past used something
called ANLpasswd to force users to pick stuff crack wouldn't nab, as
well as some other rules. This was done by searching through a large
(sorted) file of the cracklib output from my favorite sets of
dictionaries. Even on a sun3 this was tolerably quick, but I haven't
used it in a few years and never on OpenBSD.

     OpenBSD's passwd program I suppose could have this functionality
optionally added to it, should there be enough call for it. IMO you
don't need it unless you run a login box with many clueless newbies on
it.

   -Bob
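
The lookup described in the reply above, as an added example (not part of the original message and not ANLpasswd's code): the candidate is still plaintext when it is chosen, so it can be binary-searched in a byte-sorted word file with no hashing at all. The names line_at, in_wordlist, check_sample and SAMPLE are hypothetical, and the word list is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Read the first line that starts at or after byte offset pos; 0 at EOF. */
static int line_at(FILE *f, long pos, char *buf, int len)
{
    int c = 0;
    /* Seek one byte early so a line starting exactly at pos is not skipped. */
    if (fseek(f, pos > 0 ? pos - 1 : 0L, SEEK_SET) != 0)
        return 0;
    while (pos > 0 && c != '\n' && (c = fgetc(f)) != EOF)
        ;
    if (fgets(buf, len, f) == NULL)
        return 0;
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

/* 1 if candidate is a line of the byte-sorted list, 0 if not, -1 on I/O error. */
int in_wordlist(FILE *f, const char *candidate)
{
    char buf[256];      /* assumes list entries are under 255 bytes */
    long lo = 0, hi;
    if (fseek(f, 0L, SEEK_END) != 0 || (hi = ftell(f)) < 0)
        return -1;
    while (lo < hi) {   /* find the smallest offset whose line is >= candidate */
        long mid = lo + (hi - lo) / 2;
        if (!line_at(f, mid, buf, sizeof buf) || strcmp(buf, candidate) >= 0)
            hi = mid;
        else
            lo = mid + 1;
    }
    return line_at(f, lo, buf, sizeof buf) && strcmp(buf, candidate) == 0;
}

/* Constructed sample list, already in byte order (what LC_ALL=C sort gives). */
static const char SAMPLE[] = "Password1\ndragon\ndragon1\nletmein\nnogard\nqwerty\n";
int check_sample(const char *candidate)
{
    FILE *f = tmpfile();
    int r = (f && fputs(SAMPLE, f) != EOF) ? in_wordlist(f, candidate) : -1;
    if (f)
        fclose(f);
    return r;
}

int main(void)
{
    return printf("dragon1 -> %d, zzz -> %d\n", check_sample("dragon1"), check_sample("zzz")) < 0;
}
```

A passwd wrapper built on this should refuse the new password on a return of 1 and also on -1, so an unreadable list does not silently disable the check. The list must be sorted in byte order or the search will miss entries.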