Date: Sun, 15 Dec 1996 15:57:24 -0600 (CST)
From: "Brian T. Wightman" <wightman@sol.acs.uwosh.edu>
To: security@freebsd.org
Subject: Re: vulnerability in new pw suite
Message-ID: <Pine.GSO.3.95.961215154121.20060A-100000@epsilon>
In-Reply-To: <199612152039.NAA23837@phaeton.artisoft.com>
On Sun, 15 Dec 1996, Terry Lambert wrote:

> Date: Sun, 15 Dec 1996 13:39:04 -0700 (MST)
> From: Terry Lambert <terry@lambert.org>
> To: Bob Bishop <rb@gid.co.uk>
> Cc: terry@lambert.org, proff@iq.org, security@freebsd.org,
>     hackers@freebsd.org
> Subject: Re: vulnerability in new pw suite
>
> I'm tired of having passwd not let me use whatever password I want,
> considering that with a shadow file, the user will have to brute-force
> it through /bin/login or equivalent. It seems the harder it becomes to
> see my post-encryption password, the more anal the passwd command
> becomes about making post-encryption passwords "safe" from attacks
> which are impossible to institute unless root has been compromised.
>
> Just my opinion about anal passwd programs...

I have seen arguments made on both sides of this issue. One thing that I
can see as a positive of an anal passwd program is that it turns a
dictionary attack into a brute force attack.

Number of all possible passwords == P
Number of words in a dictionary that can be used in a "reasonable"
amount of time, and which are denied by the passwd program == D
(reasonable needs to be defined here)

P - D = p

As long as (p >> D), not using an anal password program reduces a brute
force attack to a dictionary attack. When D becomes close in size to p,
then brute force == dictionary, and the requirements / restrictions gain
you nothing.

Since people will by nature pick "easy" to remember passwords (words in
the dictionary D), if D is small enough to require a cracker to use a
brute force attack instead of a dictionary attack, then it is a good
thing. When D becomes large enough to frustrate the users and "force"
them to post-it-note the passwords, or make a dictionary search about as
equal as a brute force attack, then it has gone beyond the goodness
factor (in my mind, anyway).

A little bit of anality, like not allowing the username, the most common
first names, machine names, etc. as a password, is probably a good thing.
Making it so that (for whatever reason) Fic.He"" becomes a bad password
(Fire is cool. Heh Heh Heh) (well, now it is ;) is not a good thing since
it introduces other problems with the password system (post-it syndrome,
etc.).

Just my $0.02

Brian
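The P / D / p argument above, worked through in code. This is an added example for the archive page, not code from Brian's message or from the FreeBSD pw suite: the denylists (common first names, machine names, a tiny wordlist), the usernames and hostnames are constructed here, and the policy it implements is only the modest one the post endorses (reject the username, common first names and machine names), not the real passwd(1) rules of the time. The keyspace figure assumes traditional DES crypt(3), which only looks at the first 8 characters of the password.

```python
"""Dictionary-vs-brute-force trade-off of a restrictive passwd policy."""

# Constructed denylists standing in for the "anal" passwd rules Brian is
# willing to accept. Assumptions for this example only; they are not the
# lists the FreeBSD pw suite actually shipped.
COMMON_FIRST_NAMES = {"john", "mary", "david", "linda", "brian", "terry"}
MACHINE_NAMES = {"alpha", "beta", "gamma"}
SMALL_WORDLIST = {"password", "secret", "welcome", "freebsd", "qwerty"}

# Traditional DES crypt(3) uses only the first 8 characters, so a
# printable-ASCII password gives an effective keyspace of at most 95**8.
PRINTABLE_SYMBOLS = 95
SIGNIFICANT_CHARS = 8


def denied_set(username, hostname):
    """The set D: strings this policy refuses outright (case-folded)."""
    d = set(COMMON_FIRST_NAMES) | set(MACHINE_NAMES) | set(SMALL_WORDLIST)
    d.add(username.lower())
    d.add(hostname.lower())
    return d


def deny_reasons(password, username, hostname):
    """Why a candidate is rejected; an empty list means it is accepted."""
    reasons = []
    low = password.lower()
    if low == username.lower():
        reasons.append("is the username")
    if low in COMMON_FIRST_NAMES:
        reasons.append("is a common first name")
    if low == hostname.lower() or low in MACHINE_NAMES:
        reasons.append("is a machine name")
    if low in SMALL_WORDLIST:
        reasons.append("is in the wordlist")
    return reasons


def is_acceptable(password, username, hostname="alpha"):
    """True when the modest policy lets the password through."""
    return not deny_reasons(password, username, hostname)


def keyspace(alphabet=PRINTABLE_SYMBOLS, length=SIGNIFICANT_CHARS):
    """P: every password of exactly `length` symbols from the alphabet."""
    return alphabet ** length


def brute_force_gain(total, denied):
    """Brian's p = P - D, and the ratio p / D.

    Without the policy a cracker who knows users pick from D needs about D
    guesses. With the policy the weak choices are gone and the cracker is
    pushed into the remaining space p. A ratio near or below 1 means the
    restrictions bought nothing; a ratio >> 1 means the dictionary attack
    has been turned into a brute-force one.
    """
    p = total - denied
    return p, p / denied


if __name__ == "__main__":
    # Brian's passphrase-derived password passes; his own name does not.
    print(is_acceptable('Fic.He""', "brian"), deny_reasons("brian", "brian", "alpha"))
    d_small = len(denied_set("brian", "alpha"))
    print(brute_force_gain(keyspace(), d_small))       # p >> D: policy helps
    print(brute_force_gain(1000, 999))                 # D ~ P: policy is useless
```

The second `brute_force_gain` call is the degenerate case the post warns about: if the rules reject almost everything a user can remember, D grows to nearly P, p collapses, and the attacker's dictionary run over the few survivors is cheaper than ever while the users reach for post-it notes.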