Re: Password complexity rules

On Fri, Oct 14, 2011 at 06:34:33AM -0700, Rod MacPherson wrote:
> Hi, I just read about the new fedora project password change, and the thing that caught my attention is your interesting password complexity rules. 9 char if using upper, lower, numbers and special chars, 20 chars otherwise. 
> 
> I have never seen this type of complexity rule in action before, so the first thing that sprang to my mind is "what PAM plugins are they using to accomplish this, and where can I get that?" 
> 
> I'm sure other security professionals would love to try this, but the standard modules in most Linux distros only allow very simple min length, min complexity settings, not an if complexity >= this, min_length == min1, else min_length == min2
> 
> I'd like to do a write-up about this for infosecisland.com which can include an interview with someone at fedoraproject if you like, but doesn't have to.
> 
Unfortunately, (from a reuse standpoint; perhaps fortunately from a coding
standpoint :-) pam is not involved here.  We manage our accounts through
a web application so changing passwords goes through the web application.
We simply coded the new checks in there.

The majority of the code involved with strength checking is here:

http://git.fedorahosted.org/git?p=fas.git;a=blob;f=fas/validators.py;h=21910ca0c87a8d2d9e406f74434860fe82b8f510;hb=HEAD#l231

The paper with recommendations that we based the rules on was here:
http://staff.science.uva.nl/~delaat/sne-2009-2010/p34/report.pdf

And finally, our ticket about implementing this is here:
https://fedorahosted.org/fedora-infrastructure/ticket/2804

-Toshio


-- 
websites mailing list
websites@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/websites
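
The conditional rule discussed in this thread (9 characters when upper, lower, digits and special characters are all present, 20 otherwise) can be written as a small application-level check. This is an added example, not the FAS `validators.py` code: the function names, the treatment of whitespace and symbols as "special", and the sample passwords are assumptions made for illustration.

```python
# Added example: thresholds come from the quoted message, not from FAS source.
MIN_LEN_ALL_CLASSES = 9    # upper + lower + digit + special all present
MIN_LEN_OTHERWISE = 20     # any class missing
ALL_CLASSES = frozenset({"upper", "lower", "digit", "special"})


def char_classes(password):
    """Return the set of character classes that occur in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isdigit():
            found.add("digit")
        elif not ch.isalpha():
            # Assumption: punctuation, symbols and whitespace are "special".
            # Uncased letters (e.g. CJK) add length but no class.
            found.add("special")
    return found


def required_length(password):
    """Minimum length that applies to this particular password."""
    if char_classes(password) >= ALL_CLASSES:
        return MIN_LEN_ALL_CLASSES
    return MIN_LEN_OTHERWISE


def check_password(password):
    """Return (accepted, reason); length is counted in code points."""
    needed = required_length(password)
    if len(password) >= needed:
        return True, "ok"
    missing = sorted(ALL_CLASSES - char_classes(password))
    if missing:
        return False, "needs %d characters, or %d if it also contains: %s" % (
            MIN_LEN_OTHERWISE, MIN_LEN_ALL_CLASSES, ", ".join(missing))
    return False, "needs at least %d characters" % MIN_LEN_ALL_CLASSES


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    for sample in ("Ab1!xyzw", "Ab1!xyzwq", "Password12345",
                   "correcthorsebatterystaple"):
        print(repr(sample), check_password(sample))
```

The minimum length is chosen per password from the classes it actually contains, which is the branch that fixed `minlen`-style PAM settings described in the question cannot express.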
