Dave Turner on Wed, 5 Sep 2001 16:30:13 +0200



Re: [PLUG] Does restricting partial words weaken passwords?


gabriel rosenkoetter wrote:
> 
> On Fri, Aug 31, 2001 at 11:33:06AM -0400, Dave Turner wrote:
> > Someone reported having a password checker reject a password on the basis of
> > "partial word match".
> 
> Which one? It's pretty expensive to do this kind of checking.
> npasswd takes long enough as it is for my taste.

I dunno.  Someone reported it.  Forget who.

It's also trivial to do this - just load up an array of 17576 1s and 0s.

> > It's Debian GNU/Linux's, yeah.  Probably different distros have different
> > dictionaries.
> 
> So far as I know, they're the same, or at least very similar.
> 
> > But you don't have to deal with a wide range of systems, some of which don't
> > allow these.  I chose to deal with only lowercase letters.  Adding uppercase
> > letters would make no difference, since you could also mix up the case of the
> > dictionary.
> 
> What are you talking about? Find me a commonly-used operating system
> that can't recognize 256 characters of ASCII and print most of
> them. I dare you. I don't care if the upper 128 aren't the same
> printed character between systems; as long as I know the ASCII
> codes I used in my password and how to generate them on various
> systems, I can use them. And do, on Unix (including Solaris, NetBSD
> on three distinct keyboard setups, Linux, and NeXTStep), Mac OS (9
> or earlier and X), and Windows (whatever).

What about email systems, etc.?  Someone (forget who) reported very strict
limits on passwords based on single sign-on systems which had to interoperate
with legacy email, file server, etc. systems.

> I have more to say about the Perl you attached, but I don't have
> time right now to actually think it all through and type it up
> coherently. (There are arriving freshmen to tend to.)

Yeah, it's ugly as hell.  I wasn't trying for prettiness :)



Sorry to moderators for making you manually approve this.  I am too busy right
now to fix my broken email system (and anyway, yours is broken because it
looks at Sender rather than From)

-- 
-[Dave Turner                                 Stalk me:  (215)-545-2859]
------------------------------------------------------------------------
*** Error: The method "java.lang.Object newInstance();" can throw the 
checked exception "java/lang/IllegalAccessException", but its invocation 
is neither enclosed in a try statement that can catch that exception 
nor in the body of a method or constructor that "throws" that exception.



______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug
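
The "array of 17576 1s and 0s" mentioned in the message above is one slot per lowercase three-letter sequence (26^3). The sketch below is an added example, not the Perl attached earlier in the thread or any real checker's code: it builds such a table, uses it for a partial word check, and counts how many lowercase passwords survive the restriction. All function names are hypothetical and the word list is a constructed sample.

```python
# Added example: 26**3 = 17576-entry trigram table for a "partial word match" check.
import string

ALPHA = string.ascii_lowercase
SIZE = 26 ** 3  # 17576 possible lowercase trigrams

def tri_index(tri):
    """Map a 3-letter lowercase string to its slot in the table, or None."""
    if len(tri) != 3 or any(c not in ALPHA for c in tri):
        return None
    a, b, c = (ord(ch) - ord("a") for ch in tri)
    return (a * 26 + b) * 26 + c

def build_table(words):
    """Set table[i] = 1 for every trigram that occurs in any dictionary word."""
    table = bytearray(SIZE)
    for word in words:
        w = word.lower()
        for i in range(len(w) - 2):
            idx = tri_index(w[i:i + 3])
            if idx is not None:
                table[idx] = 1
    return table

def partial_word_match(password, table):
    """Return the first dictionary trigram found in the password, else None."""
    p = password.lower()
    for i in range(len(p) - 2):
        idx = tri_index(p[i:i + 3])
        if idx is not None and table[idx]:
            return p[i:i + 3]
    return None

def count_allowed(table, length):
    """Count lowercase strings of `length` (>= 2) that contain no flagged trigram."""
    counts = [1] * (26 * 26)  # every 2-letter prefix is allowed
    for _ in range(length - 2):
        nxt = [0] * (26 * 26)
        for pair, n in enumerate(counts):
            b = pair % 26
            for c in range(26):
                if not table[pair * 26 + c]:
                    nxt[b * 26 + c] += n
        counts = nxt
    return sum(counts)

WORDS = ["password", "linux", "secret"]  # constructed sample, not a real dictionary
TABLE = build_table(WORDS)
if __name__ == "__main__":
    print(partial_word_match("xqlinzz", TABLE), count_allowed(TABLE, 8), 26 ** 8)
```

With a real system dictionary loaded in place of the sample list, comparing `count_allowed(table, n)` against `26 ** n` gives the reduction in search space that the thread's subject line asks about.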