LinuxQuestions.org - passwd: Bad password, too simplistic ???

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - passwd: Bad password, too simplistic ??? (https://www.linuxquestions.org/questions/linux-security-4/passwd-bad-password-too-simplistic-286246/)

qwijibow

02-04-2005 12:50 PM

passwd: Bad password, too simplistic ???

am using an encrypted home directory, and mounting it with pam_mount

so i decided to change my passowrd from my usual 8 character password to a more secure one.

i managed to think of a 35 character passphrase that contains upper and lowerf#case letters, numbers, and symbols, and half the words in the passphare are not real words in any language. AND... i can easily remember it.

why does passwd think that this password is too simplistic !!??

druuna

02-04-2005 01:36 PM

Hi,

Could it be that only the first 8 chars of your 35 long password are used/checked?

Take a look in your /etc/login.defs or appropriate pam config file.

Hope this helps.

qwijibow

02-05-2005 04:58 PM

attempting to logon and entering the first 34 characters correctly causes an invalid password respoce, so it must be using all 35.

is this just a bug in passwd ?
surely a 35character passphrase with upper case, lower case, symbols, and only partially made up or read words (to prevent optimised dictionalry hacks) SHOULD be as good as passwords can get right ?

ive dont the maths, and the password is theoretically as secure as the resulting hash used to by the aes cipher.

All times are GMT -5. The time now is 10:24 PM.