From owner-freebsd-questions Fri Feb 27 23:49:37 1998
Date: Fri, 27 Feb 1998 23:49:29 -0800 (PST)
From: Jan Koum <jkb@best.com>
To: "Eric A. Davis"
cc: LOlayiwola, questions@FreeBSD.ORG
Subject: Re: Unix System Security
In-Reply-To: <199802270013.QAA20942@shark.nas.nasa.gov>

On Thu, 26 Feb 1998, Eric A. Davis wrote:

>On Thu, 26 Feb 1998 19:30:06 -0400 (AST) Michael Richards wrote:
>
>>> 2) How could I as a security advisor advise a network administrator to cater
>>> for this security problem.
>>
>>One important thing is to educate the users. Have them pick good
>>passwords. Something like foobar is not a good password, nor is 555-2344,
>>or julie. People who don't know any better commonly choose passwords like
>>this. Take person X: he is going out with someone named Julie, and his
>>phone number is 555-2344. Not hard to guess his password.
>>
>>If the cracker is able to get the passwd file they can run something
>>called a dictionary crack on it. That involves going through the
>>dictionary, trying permutations of words and numbers, and trying them
>>against the users. Someone with a bad password may match one of the
>>program's guesses.
>>
>>A password like 3%gP)3s would be a good one because it is not
>>pronounceable and is not an English word, hence there is little chance of a
>>dictionary crack getting it. Also, if someone saw the first 3 characters,
>>they couldn't guess the rest. "Juli", if you knew the person, would be an
>>easy guess.

One reason this would not be a good password is if the user can't remember
it and is forced to write it down somewhere.

-- Yan

>
>To combat against users choosing bad passwords you should install a 'passwd'
>app that pro-actively checks the password. That is, it checks the password's
>integrity before it is changed. Some excellent 'passwd' apps are Epasswd,
>passwd+, and npasswd. The Epasswd homepage also has some good statistics
>about password permutations.
>
>http://www.nas.nasa.gov/~edavis/epasswd/
>
>- eric
>
>--
> Eric Allen Davis          Network Engineer
> edavis@nas.nasa.gov       NASA Ames Research Center
> Voice: (415)604-2543      NAS Systems Division
> Pager: (415)428-6931      http://www.nas.nasa.gov/~edavis
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
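The two technical points in the thread above are the permutations a dictionary crack tries (word, case variants, digits appended) and the proactive check a replacement 'passwd' program performs before accepting a new password. The following is an added example in Python that does both; it is not code from the thread nor from Epasswd, passwd+ or npasswd. The word list (DICTIONARY), the leet table (LEET), the details known about "person X" (USER), the length and character-class thresholds, and the function names are all constructed here for illustration.

```python
"""Proactive password check in the spirit of npasswd / passwd+ / Epasswd.

Added illustration, not code from the mailing-list thread or from any of
those packages.  The word list, the user's personal details, the leet
table and the thresholds are constructed for the example; a real checker
would read the system dictionary (e.g. /usr/share/dict/words) and the
account's GECOS fields instead.
"""
import re
import string

# Constructed stand-in for a system word list.
DICTIONARY = ["foobar", "julie", "secret", "password", "welcome", "dragon"]

# A few of the substitutions crackers try ("leetspeak"); illustrative only.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}

# Constructed example of what a guesser knows about "person X" in the thread.
USER = {"name": "Person X", "partner": "Julie", "phone": "555-2344"}


def candidates(word):
    """Yield the permutations of one word that a dictionary crack would try:
    case variants, reversal, leet substitution, and one- or two-digit or
    punctuation prefixes/suffixes."""
    base = word.lower()
    forms = {base, base.capitalize(), base.upper(), base[::-1],
             "".join(LEET.get(c, c) for c in base)}
    for f in sorted(forms):
        yield f
        for n in range(100):
            yield f"{f}{n}"
            yield f"{n}{f}"
        for p in "!@#$.":
            yield f"{f}{p}"


def personal_tokens(user):
    """Lower-cased fragments (name parts, phone digits, last four digits)
    that a guesser could derive from what is known about the account holder."""
    toks = set()
    for value in user.values():
        value = value.lower()
        toks.update(re.findall(r"[a-z]+", value))
        digits = re.sub(r"\D", "", value)
        if digits:
            toks.add(digits)
            toks.add(digits[-4:])
    return {t for t in toks if len(t) >= 3}


def check_password(password, user, dictionary=DICTIONARY):
    """Return None if the password is acceptable, otherwise the reason it
    was rejected.  Cheap checks run first, the dictionary walk last."""
    if len(password) < 8:
        return "too short (minimum 8 characters)"
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if sum(any(ch in cls for ch in password) for cls in classes) < 3:
        return "needs at least three of: lower, upper, digit, punctuation"
    # Compare with separators removed so "555-2344" still matches "5552344".
    compact = re.sub(r"[^a-z0-9]", "", password.lower())
    for tok in sorted(personal_tokens(user)):
        if tok in compact:
            return f"contains personal information ({tok!r})"
    for word in dictionary:
        if any(password == cand for cand in candidates(word)):
            return f"is a common dictionary permutation of {word!r}"
    return None


if __name__ == "__main__":
    for pw in ["foobar", "Julie1999", "555-2344Ab", "Dragon42", "Tr0ub&4dor"]:
        print(f"{pw:12} -> {check_password(pw, USER) or 'accepted'}")
```

The candidate generator is deliberately the same set of transformations a cracker applies, so a password it rejects is one a cracker would have found with the same effort; anything it accepts has merely survived this particular rule set, and the memorability problem raised in the reply is outside what any such check can measure.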