Crack passwords at change time


Post by Don McEwe » Thu, 28 May 1998 04:00:00



Can anyone recommend a solution whereby you attempt to crack a password
when the password is changed? I'm running crack5 against and have found
users that change to another poor password. I'd like to take a crack (no
pun intended) at it when they attempt to select a new password. I know
there are lots of folks that do this, anyone care to share experience
with me on a good answer?

Thanks in advance,

Don


Crack passwords at change time

Post by Bill Unr » Thu, 28 May 1998 04:00:00



> Can anyone recommend a solution whereby you attempt to crack a password
> when the password is changed? I'm running crack5 against and have found
> users that change to another poor password. I'd like to take a crack (no
> pun intended) at it when they attempt to select a new password. I know
> there are lots of folks that do this, anyone care to share experience
> with me on a good answer?
> Thanks in advance,
> Don

Use Muffett's CrackLib to implement a password checking routine while the
user is changing the password. In fact, since passwd knows the plaintext
password, it can check it much more stringently than any running of
cracklib can.

Note that you could also replace the crypt(3) dynamic library routine to
check the plaintext password against cracklib, and warn the
user/sysadmin of a weak password every time they log on. Of course this
is dangerous as it could give an attacker the information as to whose
passwords are actually weak so he could concentrate his attack.


Crack passwords at change time

Post by Martin Ouweha » Fri, 29 May 1998 04:00:00



(Bill Unruh) writes:

] > Can anyone recommend a solution whereby you attempt to crack a password
] > when the password is changed? I'm running crack5 against and have found
] > users that change to another poor password.

[...]

] Use Muffett's CrackLib to implement a password checking routine while the
] user is changing the password. In fact, since passwd knows the plaintext
] password, it can check it much more stringently than any running of
] cracklib can.

My passwd_wrapper software does just that: it's a wrapper of the passwd
command which tests the security of the user's intended new password
with Alec Muffett's CrackLib. It's available here:

        http://sehp1.epfl.ch/security/passwd_wrapper/

It's very easy to modify the password checking routine to anything you
like.

--

Service Informatique Central                          Central Computing Service
Ecole Polytechnique Fédérale - Lausanne - Swiss Federal Institute of Technology
===== Email, PGP public key: http://slwww.epfl.ch/SIC/SL/info/Martin.html =====


Crack passwords at change time

Post by Tom Zoern » Sun, 31 May 1998 04:00:00



> My passwd_wrapper software does just that: it's a wrapper of the passwd
> command which tests the security of the user's intended new password
> with Alec Muffett's CrackLib. It's available here:
>    http://sehp1.epfl.ch/security/passwd_wrapper/
> It's very easy to modify the password checking routine to anything you
> like.

For possibly the most strict implementation of password checking anywhere
have a look at 'mangle':

ftp://ftp.informatik.uni-erlangen.de/pub/utilities/pwtest/mangle-0.3....

It's based on Alec Muffett's CrackLib, but with tons of new tests, esp.
a systematic attempt of (reverse-)derivation of dictionary words from the
password. This is guided against the new possibilities that crack-5 offers
when using external rule generators.

More importantly, mangle tells the user *why* the password is bad and
*how* to improve it. It is in widespread use at our university by now.
Written in Perl-5, no C compiler required.

-tom
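The change-time check that Bill and Tom describe, as an added example that is not part of this thread and is not the code of CrackLib, passwd_wrapper or mangle: the routine receives the plaintext candidate, as passwd does, tries to derive a dictionary word or the login name from it (lowercasing, undoing common character substitutions, stripping leading and trailing digits and punctuation, reversing), and returns the reasons for rejection so the user can be told why, in the spirit of mangle. The word list, the substitution map and the length and character-class thresholds are constructed for the example; a real deployment would load a full dictionary and its site policy.

```python
# Added example (not code from this thread, CrackLib, passwd_wrapper or mangle):
# a change-time password check that tells the user why a candidate is rejected.
# The word list, substitution map and thresholds below are constructed for the
# example; a real deployment would load a full dictionary and its own policy.
import re

# Constructed stand-in for a real word list such as /usr/share/dict/words.
SAMPLE_WORDS = {"password", "secret", "welcome", "dragon", "monkey", "letmein"}

# Substitutions to undo when trying to recover a dictionary word (assumed set).
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 8          # assumed policy values
MIN_CHAR_CLASSES = 3


def derivations(candidate):
    """Return the strings a user may have derived the candidate from:
    lowercased, with substitutions undone, with leading/trailing digits
    and punctuation stripped, and each of those reversed
    (e.g. 'Dr4gon99!' yields 'dragon' among others)."""
    base = candidate.lower()
    forms = {base, base.translate(LEET_MAP)}
    forms |= {re.sub(r"^[^a-z]+|[^a-z]+$", "", f) for f in forms}
    forms |= {f[::-1] for f in forms}
    return {f for f in forms if f}


def check_password(candidate, username, words=SAMPLE_WORDS):
    """Return a list of reasons the candidate is weak; an empty list means
    it passed every check."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short: use at least %d characters" % MIN_LENGTH)
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < MIN_CHAR_CLASSES:
        reasons.append("too uniform: mix at least %d of lower case, upper "
                       "case, digits and punctuation" % MIN_CHAR_CLASSES)
    forms = derivations(candidate)
    if username.lower() in forms:
        reasons.append("based on the username: do not use your login name")
    hits = sorted(f for f in forms if f in words)
    if hits:
        reasons.append("based on the dictionary word '%s': appending digits, "
                       "reversing or substituting characters does not help"
                       % hits[0])
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates, as a passwd wrapper would receive them.
    for user, pw in (("alice", "Dr4gon99!"), ("don", "Don1234!"),
                     ("alice", "!1emoclew"), ("alice", "Tr0ub4dor&3x9")):
        verdict = check_password(pw, user)
        print(pw, "->", "accepted" if not verdict else "; ".join(verdict))
```

A wrapper around passwd would call check_password before handing the candidate on and print the returned reasons instead of a bare "bad password"; because it sees the plaintext, it can run derivations that an offline crack run against the hashes would have to guess at.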