LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-02-2009, 08:38 PM   #1
athomas
Member
 
Registered: May 2009
Location: Eastern Shore, MD, USA
Distribution: CentOS 5.5
Posts: 184

Rep: Reputation: 15
BAD PASSWORD: it is based on a dictionary word


I'm logged in as a user on a machine, trying to change the password. I'm getting:

Code:
BAD PASSWORD: it is based on a dictionary word
I'm trying things like p@ssword, and other very cryptic passwords, and still getting this. How do I resolve this?
 
Old 07-02-2009, 09:13 PM   #2
AsusDave
Member
 
Registered: Jul 2008
Distribution: Debian, Ubuntu 10.04
Posts: 151

Rep: Reputation: 34
P@ssword is really not a good password since it is based on a dictonary word. Only 1 letter is different.

A good password will be
* between 7 - 15 characters long (usually I try to shoot for 8 - 10)
* Contain capital letters
* Contain lowercase letters
* Contain numbers
* Contain at least one symbol (@, #, &, *, ^, $, etc.)
* Not be based on a dictionary word (this is one of the first things an attacker will try is a dictionary based cracker)

An example of a good password would be (don't use this one since its on a public forum)

D&rHCy3#Kd9q

HTH
Dave
 
Old 07-02-2009, 09:21 PM   #3
murankar
Member
 
Registered: Jan 2008
Location: Cleveland Ohio
Distribution: Current CentOS 5.6
Posts: 117

Rep: Reputation: 20
Here is a sample scheme for a strong password:

DAY22night!!

The order does not matter as long as you incorporate the capitals lowercas numbers and special symbols.
 
Old 07-02-2009, 09:40 PM   #4
jlinkels
Senior Member
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 4,703

Rep: Reputation: 730Reputation: 730Reputation: 730Reputation: 730Reputation: 730Reputation: 730Reputation: 730
Quote:
Originally Posted by AsusDave View Post

An example of a good password would be (don't use this one since its on a public forum)

D&rHCy3#Kd9q
Another password rule says never to write down your password, and another one says you should not use one password for multiple environments, and another one says you should regularly change the password.

Who is able to adhere to all four rules?

jlinkels
 
Old 07-02-2009, 11:11 PM   #5
speck
Member
 
Registered: Nov 2001
Location: US
Distribution: Slackware 14.2
Posts: 354

Rep: Reputation: 93
Quote:
Originally Posted by jlinkels View Post
Another password rule says never to write down your password, and another one says you should not use one password for multiple environments, and another one says you should regularly change the password.

Who is able to adhere to all four rules?

jlinkels
And thus the birth of the password manager program (KeePass, Password Safe, etc).
 
Old 07-03-2009, 01:30 AM   #6
athomas
Member
 
Registered: May 2009
Location: Eastern Shore, MD, USA
Distribution: CentOS 5.5
Posts: 184

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by murankar View Post
Here is a sample scheme for a strong password:

DAY22night!!

The order does not matter as long as you incorporate the capitals lowercas numbers and special symbols.
Right but I've made a password, not an actual word whatsoever, and consisted of letters and numbers.

Never had this issue before, installed the OS on another PC, used the same pass Im trying to use on this computer... I have no clue what the problem is.
 
Old 07-03-2009, 08:27 AM   #7
murankar
Member
 
Registered: Jan 2008
Location: Cleveland Ohio
Distribution: Current CentOS 5.6
Posts: 117

Rep: Reputation: 20
That was just an example not to be taken literal. It is easier just to put out a sample than explain it. I would not use a password that contains words also.
 
Old 07-03-2009, 08:28 AM   #8
athomas
Member
 
Registered: May 2009
Location: Eastern Shore, MD, USA
Distribution: CentOS 5.5
Posts: 184

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by murankar View Post
That was just an example not to be taken literal. It is easier just to put out a sample than explain it. I would not use a password that contains words also.
I'm not using anything with words, it's letters/numbers that don't spell out anything at all. This password has always worked.
 
Old 07-03-2009, 01:31 PM   #9
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,087

Rep: Reputation: 407Reputation: 407Reputation: 407Reputation: 407Reputation: 407
If "insufficiently secure" passwords are driving you mad you should have the option to override the "strength check". Your security, or lack of it, is your business.

Try assigning the user's password as the root user:

Become root, then issue this command:
passwd username
That should fix it.

Otherwise, a "work-around" is to remember a phrase Eg: "I hate these stupid password checks imposed by dimwits in IT" = IhtspcibdiI

(I'm usually a little more creative and vitriolic, but this is a family-friendly forum )

If it now needs a number or other character, add one.
 
Old 07-04-2009, 12:08 AM   #10
athomas
Member
 
Registered: May 2009
Location: Eastern Shore, MD, USA
Distribution: CentOS 5.5
Posts: 184

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by tredegar View Post
If "insufficiently secure" passwords are driving you mad you should have the option to override the "strength check". Your security, or lack of it, is your business.

Try assigning the user's password as the root user:

Become root, then issue this command:
passwd username
That should fix it.

Otherwise, a "work-around" is to remember a phrase Eg: "I hate these stupid password checks imposed by dimwits in IT" = IhtspcibdiI

(I'm usually a little more creative and vitriolic, but this is a family-friendly forum )

If it now needs a number or other character, add one.
I'm not sure why I'm not being understood.

Again, the password is a jumbled mess of letters and numbers, that spell nothing at all, and is in no way an acronym for anything.
 
Old 07-04-2009, 12:39 AM   #11
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,074

Rep: Reputation: 386Reputation: 386Reputation: 386Reputation: 386
If the passwords are truly random, the problem must lie somewhere either in the pam configuration files (assuming you are using pam for logins) and/or the cracklib library which is where these fancy checks are done as far as I know.

I really know not much about the internals of pam, but since no one else has spoken about that I guessed that it could at least give you a couple of hints on where to look or what to search for.

Just as a side note, and to be sure that the passwords are totally random, I will tell you that I generate all my passwords using the makepass tool. For example:

Code:
makepass --char=16
That way you can be sure that it's totally random. But, for what you say, I am fairly sure that there's some kind of problem with pam or cracklib.
 
Old 07-04-2009, 06:03 AM   #12
athomas
Member
 
Registered: May 2009
Location: Eastern Shore, MD, USA
Distribution: CentOS 5.5
Posts: 184

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by i92guboj View Post
If the passwords are truly random, the problem must lie somewhere either in the pam configuration files (assuming you are using pam for logins) and/or the cracklib library which is where these fancy checks are done as far as I know.

I really know not much about the internals of pam, but since no one else has spoken about that I guessed that it could at least give you a couple of hints on where to look or what to search for.

Just as a side note, and to be sure that the passwords are totally random, I will tell you that I generate all my passwords using the makepass tool. For example:

Code:
makepass --char=16
That way you can be sure that it's totally random. But, for what you say, I am fairly sure that there's some kind of problem with pam or cracklib.
So... reinstall the OS? It's a fresh install, didn't do anything but run updates. Again, OS is PC Linux 2009.
 
Old 07-04-2009, 07:51 AM   #13
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,074

Rep: Reputation: 386Reputation: 386Reputation: 386Reputation: 386
If it's a clean install reinstalling is not gonna solve anything, unless there has been some nasty corruption. There must be an explanation and a solution for this problem. I am just not knowledgeable enough about the issue to be able to be of any help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
BAD PASSWORD: it is based on a dictionary word zahadumy Linux - Software 14 07-21-2016 07:20 AM
How can I loosen the "dictionary word" password rule? mozkill Linux - Security 10 01-25-2009 08:29 PM
comparing a word using dictionary malikah Programming 3 07-13-2008 03:56 AM
bad password based on dictionary word muhammednavas Linux - Security 2 01-12-2007 04:25 AM
a word dictionary. jobano Linux - General 3 08-31-2004 07:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration