LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-04-2005, 12:50 PM   #1
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
passwd: Bad password, too simplistic ???


am using an encrypted home directory, and mounting it with pam_mount

so i decided to change my passowrd from my usual 8 character password to a more secure one.

i managed to think of a 35 character passphrase that contains upper and lowerf#case letters, numbers, and symbols, and half the words in the passphare are not real words in any language. AND... i can easily remember it.

why does passwd think that this password is too simplistic !!??
 
Old 02-04-2005, 01:36 PM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2371Reputation: 2371Reputation: 2371Reputation: 2371Reputation: 2371Reputation: 2371Reputation: 2371Reputation: 2371Reputation: 2371Reputation: 2371Reputation: 2371
Hi,

Could it be that only the first 8 chars of your 35 long password are used/checked?

Take a look in your /etc/login.defs or appropriate pam config file.

Hope this helps.
 
Old 02-05-2005, 04:58 PM   #3
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
attempting to logon and entering the first 34 characters correctly causes an invalid password respoce, so it must be using all 35.

is this just a bug in passwd ?
surely a 35character passphrase with upper case, lower case, symbols, and only partially made up or read words (to prevent optimised dictionalry hacks) SHOULD be as good as passwords can get right ?

ive dont the maths, and the password is theoretically as secure as the resulting hash used to by the aes cipher.
 
  


Reply

Tags
password


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Howto change system password policies (passwd length, complexity) tisource Linux - Security 3 09-06-2005 12:01 AM
ow to create script change a user's password? passwd expects input from keyboard.. Arodef Linux - General 1 03-02-2005 10:40 PM
passwd set password to blank - always fantunes Linux - Security 4 07-27-2004 06:41 AM
Bash script to edit passwd without Root password? NetFlash Linux - Newbie 2 11-29-2003 04:22 PM
how decode the passwd file's password? yikaikai Linux - Security 10 08-07-2001 04:13 AM


All times are GMT -5. The time now is 07:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration