Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Why use strong passwords?
Special Forums Cybersecurity Why use strong passwords? Post 302727041 by Neo on Monday 5th of November 2012 02:26:58 PM
Old 11-05-2012
Quote:
Originally Posted by jgt
Passwords are no longer stored in /etc/passwd. If you have access to /etc/shadow, then you already have root access to the target system anyway, either through the root password, or physical access.
Yes, I am using the term "password file" in the general since, as we have not discussed a specific system, algorithm, configuration, security policy, etc.

And, we are getting far off topic in my view; the original poster asked why there is a requirement for strong passwords versus weak ones; not for a discussion of every possible argument pro and con for security.

It's not that hard for an experienced attacker to gain root access; but that is not a topic for this thread. In fact, as we know, we can gain root access for most any computer we have physical access to.

Let's not go down that path.. thanks. The path just gets further and further off topic of the question asked by the original poster.
 

2 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Strong quotes and spaces

We ran into a problem because of a shop that uses Windows and UNIX. The file names that Windows uses have spaces in them. When they get moved to the unix system they still have spaces. This produces a problem in our script that moves them again from one unix system to another. I've made up a... (2 Replies)
Discussion started by: jimcampanella
2 Replies

2. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

LEARN ABOUT CENTOS

pwscore

PWSCORE(1)						      General Commands Manual							PWSCORE(1)

NAME

       pwscore - simple configurable tool for checking quality of a password

SYNOPSIS

       pwscore [user]

DESCRIPTION

       pwscore is a simple tool for checking quality of a password. The password is read from stdin.

       The  tool  uses the libpwquality library to perform configurable checks for minimum length, dictionary checking against cracklib dictionar-
       ies, and other checks.

       It either reports an error if the password fails any of the checks, or it prints out the password quality score as an integer value between
       0 and 100.

       The  password  quality  score is relative to the minlen setting in the configuration file. But in general values below 50 can be treated as
       moderate quality and above it fairly strong quality. Any password that passes the quality checks (especially the mandatory cracklib  check)
       should withstand dictionary attacks and scores above 50 with the default minlen setting even fast brute force attacks.

OPTIONS

       The first and only optional argument is the user name that is used to check the similarity of the password to the username.

FILES

       /etc/security/pwquality.conf - The configuration file for the libpwquality library.

RETURN CODES

       pwscore returns 0 on success, non zero on error.

SEE ALSO

       pwscore(1), pwquality.conf(5), pam_pwquality(8)

AUTHORS

       Tomas Mraz <tmraz@redhat.com>

Red Hat, Inc.							    10 Nov 2011 							PWSCORE(1)
All times are GMT -4. The time now is 03:24 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy