[SLE] Password Problem
hmm.... that sucks because 8 digit passwords may be cracked
hmm... the safest passwords are about 14 long
How can I integrate some smart card (with chip) to login to suse?
is there some possibility?

mike

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi, On Thu, 27 Jan 2000, moth wrote:
that sucks because 8 digit passwords may be cracked
hmm...
the safest passwords are about 14 long
How can I Integrate some smart card (with chip) to login to suse ?
is there some possibility ?
If you have a working PAM module, that should be possible.

Starting with SuSE Linux 6.4, you will also be able to use MD5-passwords, which will give you a significantly longer password string (128 chars, IIRC). Thorsten is currently working on this.

Bye,
LenZ

--
------------------------------------------------------------------
Lenz Grimmer                                   SuSE GmbH
mailto:grimmer@suse.de                         Schanzaeckerstr. 10
http://www.suse.de/~grimmer                    90443 Nuernberg, Germany
moth wrote:
hmm....
that sucks because 8 digit passwords may be cracked
hmm...
the safest passwords are about 14 long
In most Unix systems the password is used to encrypt a constant so theoretically you have 2^56 passwords but if we just allow the 94 printable characters then you have 6,095,689,385,410,816 passwords or the equivalent of 15 digits. They can be cracked but you need several days to do so unless you have chosen one that fits crack's rules.
How can I Integrate some smart card (with chip) to login to suse ?
is there some possibility ?
A friend of mine has installed a RADIUS pam module on Solaris and my understanding is that Linux pam is more advanced, of course you then need a RADIUS server.

/Michael
Michael Salmon wrote:
moth wrote:
hmm....
that sucks because 8 digit passwords may be cracked
hmm...
the safest passwords are about 14 long
In most Unix systems the password is used to encrypt a constant so theoretically you have 2^56 passwords but if we just allow the 94 printable characters then you have 6,095,689,385,410,816 passwords or the equivalent of 15 digits. They can be cracked but you need several days to do so unless you have chosen one that fits crack's rules.
Is the `crack' program publicly available? It would seem like a good idea to run it on any putative password.

Paul Abrahams
"Paul W. Abrahams" wrote:
Michael Salmon wrote:
moth wrote:
hmm....
that sucks because 8 digit passwords may be cracked
hmm...
the safest passwords are about 14 long
In most Unix systems the password is used to encrypt a constant so theoretically you have 2^56 passwords but if we just allow the 94 printable characters then you have 6,095,689,385,410,816 passwords or the equivalent of 15 digits. They can be cracked but you need several days to do so unless you have chosen one that fits crack's rules.
Is the `crack' program publicly available? It would seem like a good idea to run it on any putative password.
Alec Muffett's home page is http://www.users.dircon.co.uk/~crypto/ you can get a copy from there. Beware though crack got Randal Schwartz into a lot of trouble (http://www.lightlink.com/spacenka/fors/news/msg00454.html). Crack isn't really all that useful for checking one password, it is designed to break an entire password file. There is an rpm on the SuSE distribution designed to check passwords when you change them, that may be better for your purposes.

/Michael
--
This space intentionally left non-blank.
in the last few years, i have not heard of any systems being cracked by force passwd attacks. Shadow passwd's already provide a lot more security than the old-style passwd files.

Still, i think a good admin should run john or crack on the shadow's, just to weed out people doing stuff like "l/p: jspams/jspams2233".

passwd sniffing seems to be the greatest problem. pop is evil, telnet is evil, http is evil. OpenSSH to bind them all.

--
========================================================================
Rocky McGaugh                                  Atipa Linux Solutions
Linux Systems Engineer                         www.atipa.com
rocky@smluc.org                                rmcgaugh@atipa.com
========================================================================
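Added example, not part of the original thread: a change-time password check in Python that ties together the 94^8 keyspace figure quoted earlier and the "jspams/jspams2233" pattern mentioned above. The function names, the scheme labels and the acceptance thresholds are assumptions made for illustration; the passwords in the demo are constructed.

```python
import math
import re

DES_CRYPT_MAX = 8   # traditional DES crypt(3) hashes only the first 8 characters
PRINTABLE = 94      # printable ASCII characters, the alphabet counted in the thread

def keyspace(length, alphabet=PRINTABLE):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length

def keyspace_bits(length, alphabet=PRINTABLE):
    """The same count expressed in bits, for comparison with the 56-bit DES key."""
    return length * math.log2(alphabet)

def audit(login, password, scheme="des"):
    """Return findings for a proposed password; an empty list means accepted."""
    findings = []
    # Under DES crypt everything past character 8 is silently ignored.
    used = password[:DES_CRYPT_MAX] if scheme == "des" else password
    if len(used) < len(password):
        findings.append("truncated to 8 characters")
    # Reduce to letters so "jspams2233" collapses to "jspams".
    core = re.sub(r"[^a-z]", "", used.lower())
    name = login.lower()
    if len(name) >= 3 and (name in core or name[::-1] in core):
        findings.append("derived from login name")
    # Assumed policy: full effective length and at least 3 character classes.
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]")
    classes = sum(bool(re.search(p, used)) for p in patterns)
    if len(used) < DES_CRYPT_MAX or classes < 3:
        findings.append("too short or too few character classes")
    return findings

if __name__ == "__main__":
    print(f"94^8 = {keyspace(8):,} (~{keyspace_bits(8):.1f} bits)")
    for scheme in ("des", "md5"):
        print(scheme, audit("jspams", "jspams2233", scheme))
```

Under the DES scheme a 14-character password is audited only on its first 8 characters, which is why a longer-password scheme such as MD5 is needed before extra length adds anything.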
Michael Salmon wrote:
"Paul W. Abrahams" wrote:
Michael Salmon wrote:
moth wrote:
hmm....
that sucks because 8 digit passwords may be cracked
hmm...
the safest passwords are about 14 long
In most Unix systems the password is used to encrypt a constant so theoretically you have 2^56 passwords but if we just allow the 94 printable characters then you have 6,095,689,385,410,816 passwords or the equivalent of 15 digits. They can be cracked but you need several days to do so unless you have chosen one that fits crack's rules.
Is the `crack' program publicly available? It would seem like a good idea to run it on any putative password.
Alec Muffett's home page is http://www.users.dircon.co.uk/~crypto/ you can get a copy from there. Beware though crack got Randal Schwartz into a lot of trouble (http://www.lightlink.com/spacenka/fors/news/msg00454.html). Crack isn't really all that useful for checking one password, it is designed to break an entire password file. There is an rpm on the SuSE distribution designed to check passwords when you change them, that may be better for your purposes.
Which rpm is that? What's the specific program that needs to be installed?

Paul Abrahams
"Paul W. Abrahams" wrote:
Michael Salmon wrote:
"Paul W. Abrahams" wrote:
Michael Salmon wrote:
moth wrote:
hmm....
that sucks because 8 digit passwords may be cracked
hmm...
the safest passwords are about 14 long
In most Unix systems the password is used to encrypt a constant so theoretically you have 2^56 passwords but if we just allow the 94 printable characters then you have 6,095,689,385,410,816 passwords or the equivalent of 15 digits. They can be cracked but you need several days to do so unless you have chosen one that fits crack's rules.
Is the `crack' program publicly available? It would seem like a good idea to run it on any putative password.
Alec Muffett's home page is http://www.users.dircon.co.uk/~crypto/ you can get a copy from there. Beware though crack got Randal Schwartz into a lot of trouble (http://www.lightlink.com/spacenka/fors/news/msg00454.html). Crack isn't really all that useful for checking one password, it is designed to break an entire password file. There is an rpm on the SuSE distribution designed to check passwords when you change them, that may be better for your purposes.
Which rpm is that? What's the specific program that needs to be installed?
You can use john or vpass, both are in sec.

/Michael
participants (5)
- abrahams@mbs.valinet.com
- grimmer@suse.de
- Michael.Salmon@uab.ericsson.se
- moth@promail.pl
- rmcgaugh@atipa.com