Re: md5 hashing on passwords?
- From: Solar Designer <solar false com>
- To: pam-list redhat com
- Subject: Re: md5 hashing on passwords?
- Date: Sat, 30 Sep 2000 23:49:04 +0400 (MSD)
> > My only concern with this function is that it would still treat (e.g) two
> > 128-character passwords with good randomization as too similar if they
> > contained the same set of characters. Still, the proposed change is certainly
> > a far sight better than what we currently have, and I don't know of a simple
> > way to check if two passwords are too similar (or even a simple way to
> > /define/ if they're too similar), so I'm not going to worry too much about it.
> > :)
>
> What still concerns me is that a password like:
>
> thequickbrownfoxjumpsoverthelazydog
>
> would be hard to replace, since this check would basically match most of
> any conventional replacement. Any ideas on that?

Here's what I am using in pam_passwdqc:

	match=N				[match=4]

The length of common substring required to conclude that a password is
at least partially based on information found in a character string,
or 0 to disable the substring search.  Note that the password will not
be rejected once a weak substring is found.  Instead, the password
will be subjected to the usual strength requirements with the weak
substring removed.

The substring search is case-insensitive and is able to detect and
remove a common substring spelled backwards.

	similar=permit|deny		[similar=deny]

Whether a new password is allowed to be similar to the old one.  The
passwords are considered to be similar when there's a sufficiently
long common substring and the new password with the substring removed
would be weak.

Signed,
Solar Designer
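
The match= and similar= behaviour described in the message above, as an added example that is not part of the original post and is not pam_passwdqc's own code. It is a simplified sketch: the function names are hypothetical, MIN_REST is an assumed stand-in for the module's real strength requirements, and every new password in it is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MIN_REST 8 /* assumed stand-in for the real strength requirements */

/* Longest case-insensitive run of pw (>= match chars) found in ref read
 * forwards (dir=+1) or backwards (dir=-1); *pos gets its offset in pw. */
static size_t common_run(const char *pw, const char *ref, int dir,
                         size_t match, size_t *pos)
{
    size_t pl = strlen(pw), rl = strlen(ref), best = 0;
    for (size_t i = 0; i < pl; i++)
        for (size_t j = 0; j < rl; j++) {
            size_t k = 0;
            while (i + k < pl && (dir > 0 ? j + k < rl : k <= j) &&
                   tolower((unsigned char)pw[i + k]) ==
                   tolower((unsigned char)ref[dir > 0 ? j + k : j - k]))
                k++;
            if (k >= match && k > best) { best = k; *pos = i; }
        }
    return best;
}

/* Copy pw to out minus its longest such run; returns chars removed (match=0: off). */
size_t strip_common(const char *pw, const char *ref, size_t match, char *out)
{
    size_t pf = 0, pr = 0;
    size_t lf = match ? common_run(pw, ref, +1, match, &pf) : 0;
    size_t lr = match ? common_run(pw, ref, -1, match, &pr) : 0;
    size_t len = lf >= lr ? lf : lr, pos = lf >= lr ? pf : pr;
    memcpy(out, pw, pos);
    strcpy(out + pos, pw + pos + len);
    return len;
}

/* similar=deny: 1 if a common substring was found and what is left is weak. */
int too_similar(const char *newpw, const char *oldpw, size_t match)
{
    char rest[256];
    if (strlen(newpw) >= sizeof(rest)) return -1; /* too long for this sketch */
    return strip_common(newpw, oldpw, match, rest) > 0 && strlen(rest) < MIN_REST;
}

int main(void)
{
    const char *old = "thequickbrownfoxjumpsoverthelazydog"; /* from the thread */
    printf("%d\n", too_similar("thequickbrownfoxjumpsoverthelazycat", old, 4));
    printf("%d\n", too_similar("packmyboxwithfivedozenliquorjugs", old, 4));
    return 0;
}
```

The second new password uses the same 26 letters as the old one but shares no 4-character substring with it in either direction, so it is not treated as similar.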