Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack


From: schew () tis com (Steve Chew)
Date: Tue, 4 Jun 1996 12:05:24 -0400



You can lead a user to a good password but you can only make them use it for
so long.

What about a fascist passwd program which refers to a dictionary and
rejects "easy" passwords? Does such an animal exist?

        Yes, such a program does exist for UNIX.  It's actually a library
called 'CrackLib' which can easily be compiled into a program to check for
'easy-to-guess' passwords.  It checks the password against the local
dictionary as well as the user's personal info such as their real name
(as kept in the passwd file), and so on.  I've used it and it seems to
work quite nicely.  There may also be other similar programs.
        Using archie, you can search for 'cracklib25' to find sites that
have it.  Or you can get it via ftp from:
  coombs.anu.edu.au   in  /pub/security/words/cracklib25.tar.Z


                                Steve
                                schew () tis com
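
A simplified sketch of the kind of check the message above describes, added here as an illustration; it is not CrackLib's code or its algorithm. The word list, the passwd entry, and the names `check_password`, `candidates` and `personal_words` are constructed for this example.

```python
import re

# Constructed sample data: a tiny stand-in for the local dictionary and one
# passwd(5) entry. A real deployment would load the system word list instead.
DICTIONARY = {"password", "dragon", "secret", "wizard"}
PASSWD_LINE = "jdoe:x:1001:100:Jane Doe,Room 12,555-0100:/home/jdoe:/bin/sh"

# Common digit/symbol substitutions mapped back to the letters they replace.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def personal_words(passwd_line):
    """Login name plus every word of 3+ letters in the GECOS field."""
    fields = passwd_line.split(":")
    login, gecos = fields[0], fields[4]
    words = {login.lower()}
    words.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", gecos))
    return words


def candidates(password):
    """Normalised forms to compare, so trivial variations are still caught."""
    base = password.lower()
    stripped = base.strip("0123456789!@#$%^&*")   # "dragon99" -> "dragon"
    forms = {base, stripped, base.translate(LEET)}
    forms |= {f[::-1] for f in forms}              # reversed spellings
    return {f for f in forms if f}


def check_password(password, passwd_line=PASSWD_LINE, dictionary=DICTIONARY,
                   min_len=8):
    """Return None if acceptable, else a short reason for rejecting it."""
    if len(password) < min_len:
        return "too short"
    forms = candidates(password)
    if forms & dictionary:
        return "based on a dictionary word"
    personal = personal_words(passwd_line)
    if any(p in f for f in forms for p in personal):
        return "based on your account information"
    return None
```

A passwd replacement would call `check_password` on the proposed new password and refuse the change whenever it returns a reason.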


