On 5/27/09, Manuel Aróstegui <manuel@xxxxxxxxxxxxxx> wrote:
>
> On Wed, 2009-05-27 at 08:53 +0200, Kenneth Holter wrote:
> > Hello all.
> >
> >
> > We'd like to (automatically) check the strength of our users' passwords. We
> > currently don't have an LDAP server, so the passwords are stored in the
> > servers' /etc/shadow file.
> > Is there a lightweight password cracking application for RHEL 5 either from
> > the official repo or EPEL, that can be run on a per server basis?
>
>
> It is not hard to find an LDAP cracker (John The Ripper supports LDAP
> password cracking); the problem is to find or to build a nice and big
> password dictionary.
>
> Manuel.

My idea about building this nice and big password dictionary is that we build a
modified character permutation list. The modification is based on your users'
password habits. For example, if you know the probability they only use
alphanumerics is very small, and that they use alphanumerics plus 2 or 3
punctuation marks is very high, try that list first. Our users, according to my
observation, use alphanumerics plus @, !, and $ (very rarely plus any type of
bracket, etc).

I have a very simple Perl script to do this. See
http://yong321.freeshell.org/oranotes/PasswordRetrieval.txt
That article is for retrieving Oracle passwords on users' request. But the idea
is the same.

Yong Huang
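A defender-side view of the habit-based list described above, as an added example that is not part of the original message or the linked Perl script: it places a password in the narrowest character-set tier that covers it and bounds how many guesses a full permutation list over that tier needs to reach it. The tier names, the guess budget and the sample passwords are assumptions made for illustration.

```python
import string

ALNUM = string.ascii_letters + string.digits

# Tiers from narrowest to widest character set. The middle tier is the habit
# described in the message (alphanumerics plus @, ! and $); the other two
# are assumptions added for comparison.
TIERS = [
    ("alnum", ALNUM),
    ("alnum+@!$", ALNUM + "@!$"),
    ("printable", ALNUM + string.punctuation),
]


def smallest_tier(password):
    """Return (name, charset_size) of the narrowest tier covering password."""
    for name, chars in TIERS:
        if set(password) <= set(chars):
            return name, len(set(chars))
    return None, 0  # uses characters outside every tier (space, non-ASCII)


def keyspace(charset_size, max_len):
    """Number of strings of length 1..max_len over the character set."""
    return sum(charset_size ** k for k in range(1, max_len + 1))


def audit(password, guess_budget=10 ** 12):
    """Bound the guesses a full permutation list of the tier needs."""
    name, size = smallest_tier(password)
    if name is None:
        # Not reachable by any of these lists, so no bound can be given.
        return {"tier": None, "worst_case_guesses": None, "within_budget": False}
    guesses = keyspace(size, len(password))
    return {
        "tier": name,
        "worst_case_guesses": guesses,
        "within_budget": guesses <= guess_budget,
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ["Summer09", "Ab1!xy", "Tr0ub4dor$horse!", "a[b]c"]:
        print(pw, audit(pw))
```

A check like this can run when a password is set, so that passwords inside the habit tier and under the guess budget are rejected before they reach /etc/shadow.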