Beware the Ides of March!

    Date: 25 Mar 2003
    Posted By: Anthony Pell
    Every year, the Ides of March is my reminder that it's time to change my passwords.

    Most security folks suggest you change your passwords at least once or twice a year. One of the most frequently suggested times is the change to and from daylight saving time. But for me, it's the Ides of March.

    So what makes a bad password? Anything associated with you or your likes, desires, or quirks. Anything out of a dictionary in any language. The name of your relative, pet, significant other, or favourite movie; your phone number, birthday, or favourite colour. These things are either easy to guess if someone knows you, or can be cracked fairly easily by password-guessing programs.

    And most importantly, any password that you've used before is right out.

    So what makes a good password? It depends somewhat on your password-hashing algorithm. Most new Linux installs use strong password-hashing algorithms such as MD5, which accept a password of any length. Older installs used the traditional DES algorithm, which is limited to 8-character passwords. It's best to ask your administrator which kind of hashing algorithm is used on the system before you choose a password.

    If you are the administrator, it's not too hard to see which kind of hashing algorithm is the default. For example, change the password for jdoe and then do the following:

        old_des_style# grep jdoe /etc/shadow
        jdoe:m1kbsnKnULUKs:12133:0:99999:7:::
             ^^^^^^^^^^^^^

        md5_style#     grep jdoe /etc/shadow
        jdoe:$1$e0/v1t9O$y/SxZxbiHsesW5HbeZRHq0:12133:0:99999:7:::
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    (I've underlined each password hash above with caret symbols to make it easier to see them.)

    On the first host, the passwd program is configured to use the older DES-style password hashes. The password hash is the 13-character string "m1kbsnKnULUKs". The second host uses MD5 hashing ...
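    As an added example (not part of the original article), the following Python script applies the same recognition rule to a whole /etc/shadow file: it names each entry's hash scheme from the leading marker of the second field, decodes the third field (days since 1970-01-01) into the last-change date, and reports accounts that still carry DES hashes, have no password at all, or have not changed their password within a year. The sample file is constructed for the example and reuses the two hashes shown above; the prefix table goes beyond the page's two cases to the later $5$, $6$, $y$ and $2 markers.

```python
import datetime
# Constructed sample /etc/shadow content (not a real host's file); the jdoe
# and asmith hashes are the two shown in the article above.
SAMPLE_SHADOW = """\
jdoe:m1kbsnKnULUKs:12133:0:99999:7:::
asmith:$1$e0/v1t9O$y/SxZxbiHsesW5HbeZRHq0:12133:0:99999:7:::
daemon:*:11000:0:99999:7:::
guest::12000:0:99999:7:::
"""
EPOCH = datetime.date(1970, 1, 1)   # field 3 counts days from here
# DES is the weak case the article describes; MD5-crypt was the strong option
# in 2003, but current distributions default to SHA-512 or yescrypt.
WEAK_SCHEMES = {"des", "empty"}
PREFIXES = {"$1$": "md5", "$5$": "sha256", "$6$": "sha512",
            "$y$": "yescrypt", "$2": "bcrypt"}

def hash_algorithm(field):
    """Name the crypt(3) scheme from the hash field's leading marker."""
    if field == "":
        return "empty"           # account logs in with no password at all
    if field[0] in "*!":
        return "locked"          # not a valid hash; password login disabled
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    if len(field) == 13 and "$" not in field:
        return "des"             # 2-char salt + 11-char hash, no marker
    return "unknown"

def parse_shadow_line(line):
    """Split one shadow entry into user, hash scheme and last-change date."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 3:
        raise ValueError("malformed shadow line: %r" % line)
    user, hashed, lastchg = fields[:3]
    last_change = EPOCH + datetime.timedelta(days=int(lastchg)) if lastchg else None
    return {"user": user, "algorithm": hash_algorithm(hashed), "last_change": last_change}

def audit_shadow(text, today, max_age_days=365):
    """Return (user, reason) pairs for weak schemes and stale passwords."""
    findings = []
    for line in filter(str.strip, text.splitlines()):
        entry = parse_shadow_line(line)
        if entry["algorithm"] in WEAK_SCHEMES:
            findings.append((entry["user"], "weak hash scheme: " + entry["algorithm"]))
        if entry["algorithm"] == "locked" or entry["last_change"] is None:
            continue             # nothing usable to age-check
        if (today - entry["last_change"]).days > max_age_days:
            findings.append((entry["user"], "password older than %d days" % max_age_days))
    return findings
```

    Run it as `audit_shadow(open("/etc/shadow").read(), datetime.date.today())` as root; the third field of the sample entries (12133) decodes to 2003-03-22, a few days after the Ides.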
