Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: Not so much a bug as a warning of new brute force attack

Re: Not so much a bug as a warning of new brute force attack

From: Steve Chew <schew_at_tis.com>
Date: Tue, 4 Jun 1996 12:05:24 -0400

>
>> You can lead a user to a good password but you can only make them use it for
>> so long.
>
>What about a fascist passwd program which refers to a dictionary and
>rejects "easy" passwords? Does such an animal exist?
>
        Yes, such a program does exist for UNIX. It's actually a library
called 'CrackLib' which can easily be compiled into a program to check for
'easy-to-guess' passwords. It checks the password against the local
dictionary as well as the user's personal info such as their real name
(as kept in the passwd file), and so on. I've used it and it seems to
work quite nicely. There may also be other similar programs.
        Using archie, you can search for 'cracklib25' to find sites that
have it. Or you can get it via ftp from:
  coombs.anu.edu.au in /pub/security/words/cracklib25.tar.Z

                                Steve
                                schew_at_tis.com
Received on Jun 04 1996

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos