|
Passwords: Everyone needs a good reminder about when it's time to change their passwords |
|
|
Now you might be wondering why in the heck a security column should begin with the Ides of March. Or, even more interestingly, why it would begin with the Ides of March a week after the Ides of March.[1] Well, fear not, I'll get to the point.
I can't imagine what you might do should you be woken some morning to the retelling of the fall of an empire, but to me it reminds me that it's time to change my passwords. Most security folks suggest you change your passwords at least once or twice a year. One of the most frequently suggested times are the change to and from daylight savings time. But for me, it's the Ides of March.[2]
So what makes a bad password? Anything associated with you or your likes, desires, or quirks. Anything out of a dictionary in any language. The name of your relative, pet, significant other, favourite movie, phone number, birthday, or favourite colour. These things are either easy to guess if someone knows you, or are able to be cracked fairly easily by password guessing programs.
And most importantly, any password that you've used before is right out.
So what makes a good password? It depends somewhat on your password-hashing algorithm. Most new Linux installs use strong password-hashing algorithms such as MD5, which can take an infinite length password. Older installs used the traditional DES algorithm, which only allows 8 character passwords. It's best for you to ask your administrator which kind of hashing algorithm is used on the system before you choose a password.
If you are the administrator, it's not too hard to see which kind of hashing algorithm is the default. For example, change the password for jdoe and then do the following:
old_des_style# grep jdoe /etc/shadow
jdoe:m1kbsnKnULUKs:12133:0:99999:7:::
^^^^^^^^^^^^^
md5_style# grep jdoe /etc/shadow
jdoe:$1$e0/v1t9O$y/SxZxbiHsesW5HbeZRHq0:12133:0:99999:7:::
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
(I've underlined each password hash above with caret symbols to make it easier to see them.)
On the first host, the passwd program is configured to use the older DES-style password hashes. The password hash is the 13 character long string "m1kbsnKnULUKs". The second host uses MD5 hashing instead, as can be seen by much longer hash "$1$e0/v1t9O$y/SxZxbiHsesW5HbeZRHq0". There are other possible password hashing routines[3] but these are the two you're most likely to have available.
Continued @ Hacking Linux Exposed
|
|
|
 |
| "Passwords: Everyone needs a good reminder about when it's time to change their passwords" | Login/Create an Account | 0 comments |
|
| | The comments are owned by the poster. We aren't responsible for their content. |
|
|
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
