Re: good/bad passwords question

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 11/25/05 

Date: Fri, 25 Nov 2005 14:10:56 -0600

On Thu, 24 Nov 2005, in the Usenet newsgroup comp.os.linux.security, in article
<pan.2005.11.24.14.22.34.584959@uselessemail.net>, Proteus wrote:

>Amazing, it nows seems not strange at all that so many people have their
>systems hacked (cracked) into, given that lots of people likely just use
>dictionary words or combinations of dict words.

Most of the distributions I've used in the past ten years had some form of
password Nazi, sometimes a special passwd application, sometimes just a
plugin to PAM, that restricted what a user could have as a password. Do a
'grep' for 'passwd' in the LSM file at a sunsite mirror, and you'd find a
number of them, such as

Begin3
Title: npasswd_boulder+l-src
Version: N/A
Entered-date: May 1, 1995
Description: A replacement passwd(8) program with reasonably strict
                checking of user passwords for added security against
                dictionary attacks. Source package. Only minor changes
                from the original source were necessary for Linux.
Keywords: security password
Author: Many and various. Linux port by cmetz@inner.net (Craig Metz).
Primary-site: sunsite.unc.edu /pub/Linux/system/Admin/accounts
                npasswd_boulder+l-src.tar.gz
Platforms: Many UNIX platforms.
Copying-policy: GPL
End

Look at the documentation for PAM, and you'll find a lot more tricks.

        Old guy