Randy McMurchy wrote:
Alexander E. Patrakov wrote these words on 08/07/05 22:53 CST:I propose to modify the Cracklib page in the BLFS book. It should at least state that there are other wordlists available that can reduce the chance of the users choosing a bad password.This is a good idea. If you can provide wordlists for various languages, I'll work at getting the links into the book.
Thanks. I am not sure that I will get that right. The fact that I didn't get the Russian setup right, speaks very much for itself and against he use of Cracklib in Russia :(
The mistake is: while I ruled out directly-typed Russian words, I missed the fact that transliterated Russian words are also bad passwords. Solution: in the addition to the above,
zcat russian_words.koi8.Z | translit.sh >>messed-russian-words But see below.
Heck, we're only talking about putting some links, and maybe a sentence about using an alternate word list in the book, so it isn't that big of a deal.
Maybe this wording: =======================================The wordlist used with Cracklib should contain combinations of keystrokes that are typically chosen by the users as bad (guessable) passwords. Otherwise, Cracklib would encourage users to choose passwords that are not in the list, but still bad, i.e. provide little or no additional security.
The default wordlist recommended above for downloading mostly satisfies this role in English-speaking countries. In other situations, it may be necessary to download (or even create) additional wordlists.
======================================= -- Alexander E. Patrakov
translit.sh
Description: Bourne shell script
-- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
