Re: FAS password complexity requirements

Also, I would think we should not allow the same characters adjacent to each other.

For example, say "rep@rcuss1on": this would be hard, but a brute force can still crack this... (offline password crack using John the Ripper, recent rootkit.com exploit).

~Jose

On 20/03/2011 12:49 p.m., Kevin Fenzi wrote:
> On Thu, 17 Mar 2011 20:58:36 -0400
> Ricky Zhou <ricky@xxxxxxxxxxxxxxxxx> wrote:
>
>> Hey, so we discussed in the meeting, FAS's password requirements are
>> currently very lax - just a minimum length of 8 characters.  What do
>> we think the requirements should be changed to?
>>
>> One possible strength checker that I mentioned during the meeting was:
>> http://www.nongnu.org/python-crack/
>>
>> This can use a dictionary to detect weak passwords.
>>
>> Thoughts?
>
> I think a bit of requirements could be good here.
>
> What are the requirements used by anaconda/passwd?
> Many Fedora folks should be used to those. pam_cracklib defaults to 8
> char I think (man pam_cracklib), but not sure on which other things it
> gates.
>
> - forbid the login in the password (either forward or backward)
> - 8 chars
> - at least 1 upper case
> - at least 1 special char
>
> Or the like. I think having some requirements is good...
>
> kevin
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
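
The rules proposed in this thread, combined into one checker as an added example (not FAS code and not the python-crack API): the four rules in Kevin's list, the adjacent-character rule from Jose's message, and a dictionary lookup of the kind Ricky suggests. The wordlist is a constructed sample, and treating every non-letter as a single-letter wildcard during the lookup is an assumption made here.

```python
import re

# Constructed sample wordlist; a real deployment would load a full dictionary.
WORDLIST = {"repercussion", "password", "fedora", "infrastructure"}


def dictionary_hit(password):
    """Return the wordlist entry the password reduces to, or None.

    Leading/trailing non-letters are stripped, and every remaining
    non-letter is treated as a wildcard for one letter, so symbol and
    digit substitutions do not hide the underlying word.
    """
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    if not core:
        return None
    pattern = re.compile(
        "".join(c if "a" <= c <= "z" else "[a-z]" for c in core)
    )
    return next((w for w in sorted(WORDLIST) if pattern.fullmatch(w)), None)


def policy_violations(login, password):
    """Return the list of rules from the thread that the password breaks."""
    violations = []
    lowered, login = password.lower(), login.lower()
    if len(password) < 8:
        violations.append("shorter than 8 characters")
    if login and (login in lowered or login[::-1] in lowered):
        violations.append("contains the login (forward or backward)")
    if not any(c.isupper() for c in password):
        violations.append("no upper-case character")
    if not any(not c.isalnum() for c in password):
        violations.append("no special character")
    if re.search(r"(.)\1", password):
        violations.append("adjacent identical characters")
    word = dictionary_hit(password)
    if word:
        violations.append(f"dictionary word: {word}")
    return violations


if __name__ == "__main__":
    # Constructed logins and passwords, including the one quoted in the thread.
    for login, pw in [("jose", "rep@rcuss1on"), ("kevin", "Fed0ra2010!"),
                      ("ricky", "Xykcir#7Qm"), ("jose", "Tr4il-Mix&Kites")]:
        print(f"{pw!r}: {policy_violations(login, pw) or 'accepted'}")
```

The second sample passes every composition rule and is rejected only by the dictionary lookup, which is the case a dictionary-based checker is meant to catch.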
