[ale] Password standards
Michael H. Warfield
mhw at WittsEnd.com
Tue Oct 18 21:39:44 EDT 2011
On Tue, 2011-10-18 at 14:23 -0400, Chris Fowler wrote:
> Okay, I think the ale box will flood after this.
>
> I'm working on some changes to our system to support a huge list of
> password creation requirements from a government agency. Luckily I do
> not have to do them all. I only do what we can do and then we get a
> waiver for the other requirements.
>
> Example is: Password must contain at least one of these: '!@$#'
>
> I do not want this thread to turn into a discussion about the best
> passwords or why those in gov think they know the best passwords. IMO,
> I don't like obtuse passwords because you motivate people to write them
> down.
>
> While doing this I became curious as to the source of their requirements
> and if there was a 'best practices' document anywhere I could use as a
> standard for other things.
>
> I'm having to check for things like:
> Must not contain the user name
> Must contain a number
> Must contain a special char '!@#$'
> Must not contain two consecutive like characters 'aa'
> Must contain at least one capitalized letter.

I go by one rule.

Must pass cracklib. IOW, John the Ripper will not break it.

So, I can basically violate every rule you have there and I will still
have a better password that will never be broken.

> Is there a spec that the passwd program conforms to? I know that it
> will provide a warning but not an error. I've even seen web pages that
> gauge the "strength" based on content.
>
> Looking for something that may be EASY TO READ :) and written down.
>
> Chris

Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!