11-05-2012
Why use strong passwords?
Why is there such an emphasis on strong passwords?
My understanding is that brute force or dictionary attacks are only possible when the attacker can test a large number of passwords in a reasonable amount of time. Modern Unix systems do not expose the encrypted passwords and have limits on how many passwords can be attempted so how can a weak password be exploited?
Al
2 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
We ran into a problem because of a shop that uses Windows and UNIX.
The file names that Windows uses have spaces in them. When they get moved to the unix system they still have spaces. This produces a problem in our script that moves them again from one unix system to another. I've made up a... (2 Replies)
Discussion started by: jimcampanella
2 Replies
2. UNIX for Advanced & Expert Users
I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies
LEARN ABOUT CENTOS
pwmake
PWMAKE(1) General Commands Manual PWMAKE(1)
NAME
pwmake - simple tool for generating random relatively easily pronounceable passwords
SYNOPSIS
pwmake <entropy-bits>
DESCRIPTION
pwmake is a simple configurable tool for generating random and relatively easily pronounceable passwords. The tool allows you to specify
the number of entropy bits that are used to generate the password.
The entropy is pulled from /dev/urandom.
The minimum number of bits is 56 which is usable for passwords on systems/services where brute force attacks are of very limited rate of
tries. The 64 bits should be adequate for applications where the attacker does not have direct access to the password hash file. For situ-
ations where the attacker might obtain the direct access to the password hash or the password is used as an encryption key 80 to 128 bits
should be used depending on your level of paranoia.
OPTIONS
The first and only argument is the number of bits of entropy used to generate the password.
FILES
/etc/security/pwquality.conf - The configuration file for the libpwquality library.
RETURN CODES
pwmake returns 0 on success, non zero on error.
SEE ALSO
pwscore(1), pam_pwquality(8)
AUTHORS
Tomas Mraz <tmraz@redhat.com>
Red Hat, Inc. 10 Nov 2011 PWMAKE(1)