[Toybox] Sending passwd source code for contribution
Rob Landley
rob at landley.net
Tue Jul 17 09:48:32 PDT 2012
On 07/14/2012 03:07 AM, Kyungwan Han wrote:
>
> Dear Rob.
>
> I send you modified passwd.c file.
I merged the passwd stuff you sent as-is. Further polishing can wait
until I have time.
> #3. Suggesntion for strength_check.
> - I agree with your opinion about avoiding dictionary attack.
> It's good idea to prevent users for using simple word as their password.
> I'd like to check password strongly, but, in that case, I think it
> should need a lot of time to making password checking module.
> So my suggestion is to make dangerous_word_list containing 30~50 words
> and check user password with that list.
> The words can be collected from paper or survey about security like
> the link you gave me about linkedin.com <http://linkedin.com> example.
>
> I'd like to know your opinion for checking password policy.
I agree it's important, but I'd prefer not to hardwire policy decisions
into toybox.
Unfortunately, it's not as simple as "here's a list of dictionary
words": do we want to insist the password contain letters, punctuation,
mixed case? How much of each? Do we want case insensitive matches for
dictionary words? (If so, in what locale?) Do we care about reverse
matches? Partial matches? (If so, how long?) Do we warn about bad
passwords, or forbid them entirely? (And does that behavior change if
it's root doing it for another user, or a user doing it for themselves?)
There are people who do security for a living. I follow some of them on
twitter. They link me to random stuff like:
http://7habitsofhighlyeffectivehackers.blogspot.com.au/2012/05/using-twitter-to-build-password.html
And of course there are introductory articles on the state of the art
wandering by all the time:
http://www.h-online.com/security/features/Cheap-Cracks-Of-dictionaries-and-rainbows-746217.html
What all this says to me is that adding an optional ability to call out
to an existing password checker might be good, because then the "what
qualifies as a good password" decision is somebody else's problem.
Writing our own would never be remotely sufficient. Unfortunately, I
don't know what password checkers are out there, and what format they
want. (I'm guessing that we feed the password on stdin and it exits with
zero or nonzero status, maybe printing its objection to stdout? I dunno...)
Anyway, I've merged what you sent, any further cleanups I can do on top
of the code in the tree. (One thing it probably should do is check if
it's running suid root and exit if not, rather than prompting for a
password and then failing to be able to change it...)
Rob
--
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation. Pick one.
1342543712.0
More information about the Toybox
mailing list