[2677] in bugtraq
Re: Not so much a bug as a warning of new brute force attack
daemon@ATHENA.MIT.EDU (Joe Block)
Tue Jun 4 18:49:51 1996
Date: Tue, 4 Jun 1996 10:07:26 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Joe Block <jpb@magicnet.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.SUN.3.90.960604161655.6463F-100000@papaioea.manawatu.gen.nz>
>On Mon, 3 Jun 1996, Brett L. Hawn wrote:
>What about a fascist passwd program which refers to a dictionary and
>rejects "easy" passwords? Does such an animal exist?
One of the sample programs in _Programming Perl_ is a perl passwd that does
just that - checks for length, checks against dictionary files, checks to
make sure you're not using simple two word combinations, makes sure they're
not a social security or phone number, makes sure you're not using your
userid/name, someone else on the system's userid/name, checks for license
plates, sequences of consecutive keys on the keyboard, entries in
/etc/hosts, makes sure that if you're using the "type in the first char of
each word of a phrase" method of generating your password that you don't
use a common phrase, and even keeps a history of the passwords you've used
and doesn't let you reuse them.
It seems pretty thorough.
Joe Block <jpb@magicnet.net>
System Administrator
Magicnet Inc
407-657-2202 (v)
407-679-8562 (f)
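
A few of the checks listed in the message above (length, dictionary, two-word combinations, SSN/phone patterns, userids, host names, keyboard sequences), as an added Python example. It is not the _Programming Perl_ program and not code from this post; the word list, user names, host names and all function names are constructed for illustration.

```python
import re

# Constructed sample data; a real deployment would load a system word list,
# the account database and /etc/hosts instead.
WORDS = {"secret", "dragon", "monkey", "blue", "moon", "password"}
USERS = {"jdoe", "root", "alice"}
HOSTS = {"mailhost", "gateway"}
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def is_two_words(pw, words):
    """True if pw splits into two dictionary words, e.g. 'bluemoon'."""
    return any(pw[:i] in words and pw[i:] in words for i in range(1, len(pw)))

def is_keyboard_run(pw, min_run=4):
    """True if pw contains min_run adjacent keys of one row, in either direction."""
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in pw:
                    return True
    return False

def check_password(pw, user, min_len=8):
    """Return the list of reasons to reject pw; an empty list means accepted."""
    reasons = []
    low = pw.lower()
    core = re.sub(r"[^a-z]", "", low)  # letters only, so 'dragon1' -> 'dragon'
    if len(pw) < min_len:
        reasons.append("too short")
    if low in WORDS or low[::-1] in WORDS or core in WORDS:
        reasons.append("dictionary word")
    if is_two_words(low, WORDS):
        reasons.append("two-word combination")
    # NNN-NN-NNNN (SSN) or [NNN-]NNN-NNNN (phone), hyphens optional
    if re.fullmatch(r"\d{3}-?\d{2}-?\d{4}|(\d{3}-?)?\d{3}-?\d{4}", pw):
        reasons.append("looks like an SSN or phone number")
    if any(name in low for name in USERS | {user.lower()}):
        reasons.append("contains a userid")
    if low in HOSTS:
        reasons.append("host name")
    if is_keyboard_run(low):
        reasons.append("keyboard sequence")
    return reasons
```

The phrase-acronym, license-plate and password-history checks from the list are not covered here.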