[ILUGC] Re: GNU/Linux commands - cracklib-check

  • From: Suhas Gundimeda <snugghash@xxxxxxxxx>
  • To: ilugc@xxxxxxxxxxxxx
  • Date: Mon, 26 Sep 2016 18:01:06 -0400

Greetings,

On Sun, Sep 25, 2016 at 6:59 AM, Dhanasekar <tkdhanasekar@xxxxxxxxx> wrote:

> Hi,
> cracklib-check - examines the quality of passwords
> $ echo "iLove@LinuX" | cracklib-check
>
> iLove@LinuX: OK

Security addendum: a lot of people have history enabled for shell commands.
In that scenario, using the tool this way could end up storing your
password in plaintext.
I suggest just running `cracklib-check` and entering the password on
the next line, terminating with a linefeed (`\n` or the enter key).
Also, the dictionary used for the process is variable, and the default
varies across distros (but of course).

As long as we're knowledge dumping,
http://security.stackexchange.com/questions/2687/how-reliable-is-a-password-strength-checker
links to a lot of relevant knowledge, and the answer presents common
pitfalls in assessing password strengths well (and the exceptions to
those pitfalls).

Also, one can force users of a system to use longer passwords:
http://www.linux-faqs.info/security/force-strong-passwords

Thank you
Suhas
_____________________________________
ILUGC List: //www.freelists.org/list/ilugc
ILUGC Web: http://ilugc.in/
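
One way to follow the advice in the reply above, as an added example that is not part of the original thread: a small POSIX shell function that reads the password from the terminal with echo off, so it never appears on a command line or in shell history, and prints only the verdict. The function name `check_password` and the `CHECKER` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). CHECKER is a hypothetical override
# used here so the checker can be swapped; it defaults to cracklib-check.

# check_password: read ONE password from stdin, print only the verdict.
# Exit status: 0 = "OK", 1 = rejected, 2 = no input or checker failure.
# The body is a subshell "( ... )", so variables and traps stay local.
check_password() (
    if [ -t 0 ]; then
        # Interactive use: the password is typed, never part of a command
        # line, so nothing is written to the shell history file.
        saved=$(stty -g)
        trap 'stty "$saved"' EXIT        # always restore terminal echo
        trap 'exit 130' INT TERM         # Ctrl-C still runs the EXIT trap
        printf 'Password to test: ' >&2
        stty -echo
        IFS= read -r pw || true
        stty "$saved"
        printf '\n' >&2
    else
        IFS= read -r pw || true          # piped input, e.g. from a script
    fi
    [ -n "$pw" ] || exit 2

    # printf is a builtin in bash and dash, so the password is not exposed
    # as an argument of a separate process.
    out=$(printf '%s\n' "$pw" | "${CHECKER:-cracklib-check}") || exit 2

    # Output has the form "<password>: <verdict>" (as in the thread's
    # "iLove@LinuX: OK"); strip the password so it is not echoed back
    # into scrollback or logs.
    verdict=${out#"$pw": }
    printf '%s\n' "$verdict"
    [ "$verdict" = "OK" ]
)
```

After sourcing the file, run `check_password` with no arguments and type the candidate password at the prompt.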
