Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack


From: jpb () magicnet net (Joe Block)
Date: Tue, 4 Jun 1996 10:07:26 -0400


On Mon, 3 Jun 1996, Brett L. Hawn wrote:
> What about a fascist passwd program which refers to a dictionary and
> rejects "easy" passwords? Does such an animal exist?

One of the sample programs in _Programming Perl_ is a Perl passwd that does
just that - checks for length, checks against dictionary files, checks to
make sure you're not using simple two word combinations, makes sure they're
not a social security or phone number, makes sure you're not using your
userid/name, someone else on the system's userid/name, checks for license
plates, sequences of consecutive keys on the keyboard, entries in
/etc/hosts, makes sure that if you're using the "type in the first char of
each word of a phrase" method of generating your password that you don't
use a common phrase, and even keeps a history of the passwords you've used
and doesn't let you reuse them.

It seems pretty thorough.

Joe Block <jpb () magicnet net>

System Administrator
Magicnet Inc
407-657-2202 (v)
407-679-8562 (f)
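
Added example, not part of the original post and not the _Programming Perl_ program: a short Python sketch of several of the checks listed above (length, dictionary, two-word combinations, SSN/phone numbers, userids, keyboard sequences, phrase initials, password history). All names, word lists and sample values are constructed for illustration.

```python
import hashlib
import re

# Constructed sample data; a real checker loads system word lists, account
# names and a per-user history file instead.
WORDS = {"password", "dragon", "monkey", "magic", "net"}
USERS = {"jpb", "root", "joe"}
PHRASES = ["the quick brown fox jumps over the lazy dog"]
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ID_NUMBER = re.compile(r"\d{3}-?\d{2}-?\d{4}|(\d{3}-?)?\d{3}-?\d{4}")

def digest(pw, user):
    # History holds salted, stretched digests, never the old passwords.
    # Salting with the user name is a simplification made for this example.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), user.encode(), 100_000).hex()

def keyboard_run(pw, n=4):
    # n adjacent keys from one keyboard row, typed in either direction.
    rows = KEY_ROWS + [r[::-1] for r in KEY_ROWS]
    return any(r[i:i + n] in pw for r in rows for i in range(len(r) - n + 1))

def two_words(pw):
    # Two dictionary words, optionally joined by a single non-letter.
    for i in range(1, len(pw)):
        head, rest = pw[:i], pw[i:]
        if head in WORDS and (rest in WORDS or
                              (not rest[0].isalpha() and rest[1:] in WORDS)):
            return True
    return False

def reject_reason(pw, user, history=frozenset()):
    """Return why pw is refused, or None when it passes every check."""
    low = pw.lower()
    checks = [
        ("too short", lambda: len(pw) < 8),
        ("dictionary word", lambda: low in WORDS or low[::-1] in WORDS),
        ("two-word combination", lambda: two_words(low)),
        ("contains a userid",
         lambda: any(u and u in low for u in USERS | {user.lower()})),
        ("SSN or phone number", lambda: ID_NUMBER.fullmatch(pw) is not None),
        ("keyboard sequence", lambda: keyboard_run(low)),
        ("initials of a common phrase",
         lambda: low in {"".join(w[0] for w in p.split()) for p in PHRASES}),
        ("previously used", lambda: digest(pw, user) in history),
    ]
    return next((reason for reason, failed in checks if failed()), None)
```

The checks run in order and the first failure is reported, so a candidate that trips several rules is rejected with the earliest reason in the list.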


