bdh@uchicago (Brian D. Howard) (04/05/91)
Archive-name: security/password/emx-npasswd/1991-04-01 Archive-directory: emx.utexas.edu:/pub/npasswd/ [128.83.1.33] Original-posting-by: bdh@uchicago (Brian D. Howard) Original-subject: Re: Hacking Reposted-by: emv@msen.com (Edward Vielmetti, MSEN) fuat@cunixf.cc.columbia.edu (Fuat C. Baran) writes: >"An ounce of prevention is worth a pound of cure." If you really want >to enforce a policy of "reasonable" passwords (e.g. not in a >dictionary, not personal name, variation of username, etc.) the place >to do it would be in /bin/passwd when the user is setting the >password. At that time you have the plaintext password and you can do >whatever checks you want and give users instant feedback on their >choice of password. No need to crack passwords after the fact. I'm >sure you could put your CPU cycles to better use than making attempts >to crack your users' passwords. Besides what is a practical and >acceptable frequency for running your password cracker for it to be >worth the effort? ftp pub/npasswd/npasswd.tar.Z (or the shar files) from emx.utexas.edu THat should do the trick. -- "Hire the young while they still know everything."