Forcing Strong Passwords

To protect the network from intrusion, it is a good idea for system administrators to verify that the passwords used within an organization are strong ones. When users are asked to create or change passwords, they can use the command line application passwd, which is Pluggable Authentication Modules (PAM) aware and therefore checks, via the pam_cracklib.so PAM module, whether the new password is easy to crack (for example, found in a dictionary) or too short. Note that by default pam_cracklib only warns root about a weak password rather than refusing it, so passwords set by an administrator on behalf of a user still need to be checked separately. Since PAM is customizable, it is possible to add further password integrity checkers, such as pam_passwdqc (available from http://www.openwall.com/passwdqc/), or to write a new module. For a list of available PAM modules, refer to http://www.kernel.org/pub/linux/libs/pam/modules.html.
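The following is an added example, not code from the Red Hat guide this post is based on. It shows what the difference between an unchecked and a checked password stack looks like in a PAM service file, and a small shell audit that reports whether a given service file loads pam_cracklib.so or pam_passwdqc.so in its password stack. The two service files are constructed for the demonstration; the pam_cracklib.so options used (retry, minlen, difok and the *credit options) are real module options, but the chosen values are only an illustration of a policy.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a PAM service file for a
# password-quality module, and show a weak and a hardened "password" stack.
# The service files below are constructed for the demo.

# password_quality_modules FILE
# Prints the lines of the "password" management group that load
# pam_cracklib.so or pam_passwdqc.so. Lines for the auth, account and session
# groups, and comment lines, are ignored. The module is matched anywhere on
# the line so that "[success=1 default=ignore]" style control fields also work.
password_quality_modules() {
    awk '$1 == "password" && $0 ~ /pam_(cracklib|passwdqc)\.so/' "$1"
}

# has_password_quality_check FILE
# Exit status 0 if a quality module is present in the password stack, 1 otherwise.
has_password_quality_check() {
    [ -n "$(password_quality_modules "$1")" ]
}

WEAK=$(mktemp)
HARDENED=$(mktemp)
trap 'rm -f "$WEAK" "$HARDENED"' EXIT

# Weak: pam_unix.so alone hashes and stores the password; it applies no
# dictionary or character-class checks.
cat > "$WEAK" <<'EOF'
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
EOF

# Hardened: pam_cracklib.so runs first and is "requisite", so a password that
# fails the check is rejected immediately. minlen=12 is the minimum length,
# each *credit=-1 requires at least one digit / upper / lower / other
# character, and difok=3 requires three characters to differ from the old
# password. The values are an example policy, not a recommendation.
cat > "$HARDENED" <<'EOF'
password    requisite     pam_cracklib.so try_first_pass retry=3 minlen=12 difok=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
EOF

for f in "$WEAK" "$HARDENED"; do
    if has_password_quality_check "$f"; then
        echo "$f: password quality module configured:"
        password_quality_modules "$f"
    else
        echo "$f: WARNING: no password quality module in the password stack"
    fi
done
```

On a real system the file to audit is the service that passwd uses, typically /etc/pam.d/system-auth on Red Hat Enterprise Linux (or the service file it includes); run the function against that path instead of the constructed samples.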

There are many password cracking programs that run under Red Hat Enterprise Linux, although none ship with the operating system. Run against a copy of /etc/shadow (only with explicit authorization), they let an administrator find weak passwords before an attacker does. Below is a brief list of some of the more popular password cracking programs:

John The Ripper — A fast and flexible password cracking program. It allows the use of multiple word lists and is capable of brute-force password cracking. It is available online at http://www.openwall.com/john/.

Crack — Perhaps the most well known password cracking software, Crack is also very fast, though not as easy to use as John The Ripper. It can be found online at http://www.crypticide.com/users/alecm/.

Slurpie — Slurpie is similar to John The Ripper and Crack, but it is designed to run on multiple computers simultaneously, creating a distributed password cracking attack. It can be found along with a number of other distributed attack security evaluation tools online at http://www.ussrback.com/distributed.htm.

Password aging complements strength checking: even a strong password should not remain valid indefinitely. The -M option of the chage command specifies the maximum number of days the password is valid (the default for new accounts comes from PASS_MAX_DAYS in /etc/login.defs, usually 99999, which in practice means never). So, for instance, to set a user's password to expire in 90 days, type the following command:

chage -M 90 username
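Setting the maximum age with chage -M is the fix; finding the accounts that still need it is the audit. The script below is an added example, not part of the original guide. It reads a shadow-format file (field 5 is the maximum age in days) and reports accounts that hold a real password hash but have no maximum age, or one above a threshold. The shadow lines are constructed sample data with truncated hashes; on a real system you would point it at /etc/shadow as root and then apply chage -M to each account it lists.

```shell
#!/bin/sh
# Added example (not from the original guide): find accounts whose password
# maximum age is unset or above a policy limit.
# shadow line format: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Field 5 (max) empty, or left at the default 99999, means the password
# effectively never expires, whatever chage -M policy is meant to apply.

# audit_password_maxdays SHADOW_FILE MAX_DAYS
# Prints "user:max" for each account that has a real password hash (not
# locked with '!' or disabled with '*') whose max age is empty or > MAX_DAYS.
# Accounts with an empty hash (passwordless) are a separate finding and are
# skipped here.
audit_password_maxdays() {
    awk -F: -v limit="$2" '
        $2 == "" || $2 ~ /^[!*]/ { next }
        $5 == "" || ($5 + 0) > (limit + 0) {
            print $1 ":" ($5 == "" ? "unset" : $5)
        }
    ' "$1"
}

# count_offenders SHADOW_FILE MAX_DAYS
# Number of accounts reported by audit_password_maxdays, for use in scripts.
count_offenders() {
    audit_password_maxdays "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample data; hashes are truncated placeholders, not real ones.
SAMPLE_SHADOW=$(mktemp)
trap 'rm -f "$SAMPLE_SHADOW"' EXIT
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$abc$hashhashhash:19000:0:99999:7:::
alice:$6$def$hashhashhash:19000:1:90:7:::
bob:$6$ghi$hashhashhash:19000:0::7:::
daemon:*:19000:0:99999:7:::
carol:!$6$jkl$hashhashhash:19000:0:99999:7:::
EOF

# With a 90-day policy, root (99999) and bob (unset) are reported; alice is
# exactly at the limit, daemon is disabled and carol is locked.
audit_password_maxdays "$SAMPLE_SHADOW" 90
echo "accounts needing chage -M 90: $(count_offenders "$SAMPLE_SHADOW" 90)"
```

Each user the audit prints is a candidate for the chage -M 90 username command above; chage -l username shows the resulting settings for one account.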
