acceptable_password(3) [osf1 man page]

acceptable_password(3)					     Library Functions Manual					    acceptable_password(3)

NAME
acceptable_password - Determines if a password meets deduction requirements (Enhanced Security)

LIBRARY
Security Library - libsecurity.so

SYNOPSIS
int acceptable_password( char *word, FILE *stream);

PARAMETERS
word      Points to the suggested password.
stream    Points to the stream to write diagnostics into.

DESCRIPTION
The acceptable_password() function determines if the given password is difficult to deduce from well known, password-guessing heuristics. The cleartext (plaintext) password is passed as the first argument, and the file pointer of the stream that is used to report failure reasons is the second argument. If this checking is to be silent, the second argument should be a null file pointer.

When the acceptable_password() function returns a value of 1, the password provided meets all the tests listed in the following text. When it returns a value of 0 (zero), the password failed to meet at least one of the tests.

The selectivity criteria for the password include but cannot be limited to the following four tests:

This test passes if the word is not a palindrome. (A palindrome is a word that is spelled the same backwards as it is forwards.) Examples of palindromes that fail this test are mom, dad, noon, redivider, radar. Palindromes do not make good passwords because they reduce an n character password to n/2 + 1 characters. A penetrator knowing that palindromes were legal could use heuristics that could deduce the password much more quickly than if they were excluded.

This test passes if the password is not a derivative of a login name for the system. Many insecure systems allow passwords to be the login name itself. This is a fact known by many penetrators. All login names are excluded because a user that is the owner of several pseudouser accounts can elect to use the login name of one account as the password for all accounts.

Similar to the login name issue, this test passes if the password is not a group name derivative.

This test passes if the spell program determines that the password is not an English word. A penetrator then could not search the online dictionary to find the password. The spell program also has some built-in rules that go beyond the actual online dictionary in determining what is a proper word, and this routine takes advantage of that.

NOTES
Programs that use this routine must be compiled with -lsecurity.

FILES
System password file.
System group file.

RELATED INFORMATION
Functions: getpwent(3), getgrent(3).
Commands: spell(1).

dispcrypt(3)						     Library Functions Manual						      dispcrypt(3)

NAME
dispcrypt - encrypt a password, dispatching based on the associated algorithm (Enhanced Security)

LIBRARY
Security Library (libsecurity.so)

In order to quickstart a program, the program must be linked as follows:

-lsecurity -ldb -laud -lm

See the shared library discussion in the Programmer's Guide for more information about using the quickstarting feature.

SYNOPSIS
#include <prot.h>

char *dispcrypt( const char *plaintext, const char *salt, int algorithm_index);

PARAMETERS
plaintext
    The unencrypted password to be encrypted.

salt
    A string value which may be used as input to the selected encryption algorithm. This parameter should be at least two characters in length, and null-terminated. For password validation, it should be the encrypted password which is already in use.

algorithm_index
    A value from 0 to (get_num_crypts()-1), indicating which encryption algorithm is to be used. For password validation, use the fd_oldcrypt field of an es_passwd structure. For password generation, use the fd_newcrypt field (and update the fd_oldcrypt field at the same time as the fd_encrypt field if the change is successful).

DESCRIPTION
The dispcrypt() function applies the specified encryption algorithm to the given password string and salt value, and returns the encrypted form of the password. The return value is static data which is overwritten on subsequent calls to this function or to the encryption algorithms which it calls, so callers should save a copy of the string unless the only use is an immediate comparison during password validation.

RETURN VALUES
This routine returns NULL if there is an encryption failure. Otherwise, it returns a pointer to static data, which is the null-terminated encrypted password result.

RELATED INFORMATION
passwd(1), getespwent(3), get_num_crypts(3)
Security