Re: preventing weak passwords
On Thu, Jul 08, 1999 at 07:39:44AM +0800, Chad A. Adlawan wrote: hello all, im really sick of almost having to remind my users to use non-dictionary passwords. we provide a web based interface to change their passwords and so the checking done by executing /usr/bin/passwd is not implemented. im thinking of dictionary cracking my users passwords so that i can narrow down on those only on those whos passwords need fixing, that is, only those whose passwords can be dictionary cracked. does anyone know of an application that can do what i want ? The first edition of Programming perl had an example script for checking passwords, but it was dropped in the current edition. Fortunately, O'Reilly still has the example tarball on their FTP site. Look for ch6/passwd in ftp://ftp.ora.com/pub/examples/nutshell/programming_perl/perl.tar.Z HTH, Your Pal Dave -- Dave Thayer Denver, Colorado USA [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: preventing weak passwords
You can get better versions of passwd(1) that prevent users from setting bad passwords in teh first place - we use one called npasswd, which works a little TOO well (it screens out my attempts to give new users simple passwords). I can give you the source if you need it, but there is a distro site out there. Carl
Re: preventing weak passwords
On Thu, 8 Jul 1999, Chad A. Adlawan wrote: im really sick of almost having to remind my users to use non-dictionary passwords. we provide a web based interface to change their passwords and so the checking done by executing /usr/bin/passwd is not implemented. im thinking of dictionary cracking my users passwords so that i can narrow down on those only on those whos passwords need fixing, that is, only those whose passwords can be dictionary cracked. does anyone know of an application that can do what i want ? You may want to consider the debian package for cracklib2. This is a library that will check the quality of the passwords as they are set by the user so it is proactive. Alternately, the author of cracklib2 has another program named crack that will check the quality of existing passwords. Not packaged in debian yet. -- Jean Pierre
preventing weak passwords
hello all, im really sick of almost having to remind my users to use non-dictionary passwords. we provide a web based interface to change their passwords and so the checking done by executing /usr/bin/passwd is not implemented. im thinking of dictionary cracking my users passwords so that i can narrow down on those only on those whos passwords need fixing, that is, only those whose passwords can be dictionary cracked. does anyone know of an application that can do what i want ? TIA, Chad A. Adlawan System/Network Admin Pixelia Multimedia Co. Cebu City Philippines
