BLAG

BLAG Forums
It is currently Sun Dec 21, 2014 2:26 pm

All times are UTC




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Sun Jul 27, 2008 1:25 am 
Offline

Joined: Mon Mar 27, 2006 11:05 pm
Posts: 286
http://s89.photobucket.com/albums/k221/ ... f5a260.png

how does it do it?
i mean i understand the part about min chars, some chars and some numbers requirements as those can be put into some logic.
but matching the pass to a dictionary? - how does anaconda actually know that this is a dictionary word, it has it's own dictionary stashed somewhere in the background or what?


Last edited by gr00ve on Tue Aug 05, 2008 10:53 am, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Sun Jul 27, 2008 10:57 am 
Offline
Site Admin

Joined: Wed Mar 17, 2004 6:17 pm
Posts: 1340
Location: London, UK
where you connected to the net at the time. Maybe /*guess*/ that it connects to a server where it checks a dictionary? I think a "tiny shell" like nash or busybox could be running at the time and anaconda called a script to be run from that shell. During installations I hit <ctrl><alt><fnX> to get a vt and see what's going on.

_________________
BLAG 'em up!


Top
 Profile  
 
 Post subject:
PostPosted: Sun Jul 27, 2008 2:53 pm 
Offline
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
It *definitely* doesn't connect to the net to check passwords. John's on a roll.

It uses cracklib, i assume.

Code:
Name        : cracklib                     Relocations: (not relocatable)
Version     : 2.8.12                            Vendor: Fedora Project
Release     : 2                             Build Date: Wed 20 Feb 2008 04:23:42 AM MST
Install Date: Mon 05 May 2008 10:51:47 PM MDT      Build Host: xenbuilder4.fedora.phx.redhat.com
Group       : System Environment/Libraries   Source RPM: cracklib-2.8.12-2.src.rpm
Size        : 110453                           License: GPLv2
Signature   : DSA/SHA1, Thu 10 Apr 2008 07:49:44 AM MDT, Key ID b44269d04f2a6fd2
Packager    : Fedora Project
URL         : http://sourceforge.net/projects/cracklib/
Summary     : A password-checking library
Description :
CrackLib tests passwords to determine whether they match certain
security-oriented characteristics, with the purpose of stopping users
from choosing passwords that are easy to guess. CrackLib performs
several tests on passwords: it tries to generate words from a username
and gecos entry and checks those words against the password; it checks
for simplistic patterns in passwords; and it checks for the password
in a dictionary.

CrackLib is actually a library containing a particular C function
which is used to check the password, as well as other C
functions. CrackLib is not a replacement for a passwd program; it must
be used in conjunction with an existing passwd program.

Install the cracklib package if you need a program to check users'
passwords to see if they are at least minimally secure. If you install
CrackLib, you will also want to install the cracklib-dicts package.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Jul 28, 2008 12:02 am 
Offline

Joined: Mon Mar 27, 2006 11:05 pm
Posts: 286
thanks, i've found the dictionary in cracklib


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group