[ILUGC] Re: GNU/Linux commands - cracklib-check
- From: Suhas Gundimeda <snugghash@xxxxxxxxx>
- To: ilugc@xxxxxxxxxxxxx
- Date: Mon, 26 Sep 2016 18:01:06 -0400
Greetings,
On Sun, Sep 25, 2016 at 6:59 AM, Dhanasekar <tkdhanasekar@xxxxxxxxx> wrote:
Hi,
cracklib-check - examines the quality of passwords
$ echo "iLove@LinuX" | cracklib-check
iLove@LinuX: OK
Security addendum; a lot of people have history enabled for shell commands.
In that scenario, using the tool this way could end up storing your
password in plaintext.
I suggest just running `cracklib-check` and entering the password on
the next line, terminating with a linefeed (`\n` or the enter key).
Also, the dictionary used for the process is variable, and the default
varies across distros (but of course).
As long as we're knowledge dumping,
http://security.stackexchange.com/questions/2687/how-reliable-is-a-password-strength-checker
links to a lot of relevant knowledge, and the answer presents common
pitfalls in assessing password strengths well (and the exceptions to
those pitfalls).
Also, one can force users of a system to longer passwords:
http://www.linux-faqs.info/security/force-strong-passwords
Thanks you
Suhas
_____________________________________
ILUGC List:
//www.freelists.org/list/ilugc
ILUGC Web:
http://ilugc.in/
Other related posts: