From: "Brian T. Wightman"
Date: Sun, 15 Dec 1996 15:57:24 -0600 (CST)
To: security@freebsd.org
Subject: Re: vulnerability in new pw suite
In-Reply-To: <199612152039.NAA23837@phaeton.artisoft.com>

On Sun, 15 Dec 1996, Terry Lambert wrote:

> Date: Sun, 15 Dec 1996 13:39:04 -0700 (MST)
> From: Terry Lambert
> To: Bob Bishop
> Cc: terry@lambert.org, proff@iq.org, security@freebsd.org, hackers@freebsd.org
> Subject: Re: vulnerability in new pw suite
>
> I'm tired of having passwd not let me use whatever password I want,
> considering that with a shadow file, the user will have to brute-force
> it through /bin/login or equivalent. It seems the harder it becomes to
> see my post-encryption password, the more anal the passwd command
> becomes about making post-encryption passwords "safe" from attacks
> which are impossible to institute unless root has been compromised.
>
> Just my opinion about anal passwd programs...

I have seen arguments made on both sides of this issue. One thing that I can see as a positive of an anal passwd program is that it turns a dictionary attack into a brute force attack.
    Number of all possible passwords == P
    Number of words in a dictionary that can be used in a "reasonable"
    amount of time, and which are denied by the passwd program == D
    (reasonable needs to be defined here)

    P - D = p

As long as (p >> D), not using an anal password program reduces a brute force attack to a dictionary attack. When D becomes close in size to p, then brute force == dictionary, and the requirements / restrictions gain you nothing.

Since people will by nature pick "easy" to remember passwords (words in the dictionary D), if D is small enough to require a cracker to use a brute force attack instead of a dictionary attack, then it is a good thing. When D becomes large enough to frustrate the users and "force" them to post-it-note the passwords, or make a dictionary search about as equal as a brute force attack, then it has gone beyond the goodness factor (in my mind, anyway).

A little bit of anality, like not allowing the username, the most common first names, machine names, etc. as a password, is probably a good thing. Making it so that (for whatever reason) Fic.He"" becomes a bad password (Fire is cool. Heh Heh Heh) (well, now it is ;) is not a good thing since it introduces other problems with the password system (post-it syndrome, etc).

Just my $0.02

Brian
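As an added example that is not part of the original thread (and not FreeBSD's pw or passwd code), here is the small filter Brian's last paragraph describes, together with the p/D ratio from his argument, in Python. The common-name list and the candidate passwords are constructed; the username and host name are taken from the message headers.

```python
# Added example, not code from the original thread or from FreeBSD's pw/passwd:
# a filter implementing only the modest denials the post endorses (username,
# machine name, common first names and trivial variants of each), plus the
# p/D ratio from the post. The name list and candidate passwords are constructed.
import string

# Constructed stand-in for "the most common first names".
COMMON_NAMES = {"john", "mary", "robert", "patricia", "michael", "brian"}


def _variants(word: str) -> set:
    """Trivial variants of a word that a cracker's wordlist already holds.
    Everything is lower-cased because the comparison is case-insensitive."""
    w = word.lower()
    return {w, w[::-1], w + "1", w + "123", w + "!"}


def check_password(candidate: str, username: str, hostname: str) -> list:
    """Return the reasons a candidate is rejected (empty list = accepted)."""
    reasons = []
    low = candidate.lower()
    short_host = hostname.split(".")[0]  # epsilon.acs.uwosh.edu -> epsilon
    for label, base in (("username", username), ("hostname", short_host)):
        if low in _variants(base):
            reasons.append(f"derived from {label}")
    # Strip trailing digits so "Brian1" is still caught as a first name.
    if low in COMMON_NAMES or low.rstrip(string.digits) in COMMON_NAMES:
        reasons.append("common first name")
    return reasons


def p_over_d(alphabet_size: int, length: int, denied: int) -> float:
    """The post's ratio p/D with P = alphabet_size**length possible
    passwords, D = denied words and p = P - D. A ratio far above 1 means
    the filter pushes a cracker from a dictionary attack to brute force;
    a ratio near or below 1 means the denials gained nothing."""
    big_p = alphabet_size ** length
    return (big_p - denied) / denied


if __name__ == "__main__":
    # Constructed candidates; username and host come from the headers above.
    for pw in ("epsilon", "Wightman123", "Brian1", 'Fic.He""'):
        print(pw, check_password(pw, "wightman", "epsilon.acs.uwosh.edu") or "ok")
    print(f"95^8 vs 50000-word list: p/D = {p_over_d(95, 8, 50000):.2e}")
    print(f"26^4 vs 400000-word list: p/D = {p_over_d(26, 4, 400000):.2f}")
```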