
Strong passwords are a MUST. Secure connections are also a MUST, i.e. no FTP etc.

Audit Passwords

To audit your passwords you need to install a program called 'john the ripper', or simply "john":

  apt-get install john
  john -single /etc/passwd   # does a single pass
  john -single /etc/shadow   # (if it exists)
  john /etc/passwd           # does all three passes
  john                       # to get all available options
  john /path/to/htpasswd     # also happily does htaccess passwords!

Hydra is the name of a similar app used to test password strength.

Source/More info:

Force Strong Passwords

  apt-get install libpam-cracklib
  # the above installs itself on top of the 'passwd' command.
  # issuing a passwd (changing password) will test the strength of the new password.
  vi /etc/pam.d/common-password
  # comment out the following line:
  #password required pam_unix.so nullok obscure min=4 max=8 md5
  # uncomment:
  password required pam_cracklib.so retry=3 minlen=6 difok=3
  password required pam_unix.so use_authtok nullok md5
  # the module fields (pam_cracklib.so, pam_unix.so) are required by PAM syntax;
  # the cracklib line must come before the pam_unix line, which then takes the
  # already-checked password via use_authtok.

That's it. A user trying to set too short a password etc. won't be able to.

Legend:

retry=2 : Prompt the user at most 2 times before returning with an error.
minlen=10 : The minimum length allowed for an account password is set to 10 characters. This is the minimum simplicity count for a good password. And you are allowed only 2 tries using the retry option.
difok=6 : How many characters can be the same in the new password relative to the old. The user will see the error: BAD PASSWORD: is too similar to the old one

You can also apply the following options to compute the 'unsimplicity' of the password:

dcredit=N : Digit characters
ucredit=N : Upper-case characters
lcredit=N : Lower-case characters
ocredit=N : Other characters

Note: The restrictions are only applied to normal users. Root can still set a weak password.
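To see what minlen, difok and the credit options above actually compute, here is an added example (not from this wiki and not pam_cracklib's own code) that models pam_cracklib's simplicity score and difok comparison in Python. The rejection messages mirror the module's wording; difok is counted as the pam_cracklib(8) manual defines it, as characters of the new password not present in the old one, and the dictionary and palindrome checks of the real module are left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class CracklibPolicy:
    """The knobs from the common-password line; credits default to 1 as in pam_cracklib."""
    minlen: int = 6
    difok: int = 3
    dcredit: int = 1   # digits
    ucredit: int = 1   # upper-case letters
    lcredit: int = 1   # lower-case letters
    ocredit: int = 1   # other (non-alphanumeric) characters

def _credit(count: int, setting: int) -> Optional[int]:
    """Credit from one class: setting >= 0 caps the credit at setting; setting < 0
    demands at least -setting such characters and gives no credit (None if unmet)."""
    if setting >= 0:
        return min(count, setting)
    return 0 if count >= -setting else None

def simplicity_score(password: str, policy: CracklibPolicy) -> Optional[int]:
    """Length plus class credits: the value that minlen is compared against."""
    counts = {
        "dcredit": sum(c.isdigit() for c in password),
        "ucredit": sum(c.isupper() for c in password),
        "lcredit": sum(c.islower() for c in password),
        "ocredit": sum(not c.isalnum() for c in password),
    }
    score = len(password)
    for name, count in counts.items():
        credit = _credit(count, getattr(policy, name))
        if credit is None:        # a negative-credit requirement was not met
            return None
        score += credit
    return score

def differing_chars(old: str, new: str) -> int:
    """Characters of the new password not found in the old one (what difok counts)."""
    return sum(1 for c in new if c not in old)

def check_password(new: str, old: str, policy: CracklibPolicy) -> Optional[str]:
    """Rejection message, or None when the password passes (simplified model)."""
    score = simplicity_score(new, policy)
    if score is None or score < policy.minlen:
        return "BAD PASSWORD: is too simple"
    if old and differing_chars(old, new) < policy.difok:
        return "BAD PASSWORD: is too similar to the old one"
    return None
```

With the defaults from the config above, "Passw0rd!" scores 13 (9 characters plus one credit per class) but is rejected as too similar when the old password was "Passw0rd", since only the "!" is new.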

References: (Legend Info.)

Debian page →

Generate a Strong Random Password

  pwgen   # as already described on this wiki here → pwgen

password_audit_securing.txt · Last modified: 2022/07/19 21:13 by