On Thu, Jun 29, 2000 at 11:37:15AM -0700, Sean 'Shaleh' Perry wrote:
>
> On 29-Jun-2000 Sajjad Haider wrote:
> > Hello,
> >
> > I am a graduate student, just started working on the area of computer
> > security. A few months ago, when I used Debian OS, I remembered when you create
> > a new account and enter password for it, the kernel warns you if it
> > categorizes the password as simple.
> > I want to learn about the procedure with which the kernel decides that
> > whether a particular password string is complex or simple.
> >
>
> all chars and less than 6 characters
> a word in the dictionary is also commonly tested.
>
> In PAM there is a cracklib module which checks passwords constantly, you should
> look there as well.

Plus, it's not really the "kernel" that does this, it's the passwd program
(and whatever modules it uses). Currently in potato, pam_unix.so has some
simple sanity checks for simple passwords. They include:

  palindromes - words that read the same backward and forwards, like busub
  min length check
  repetition, like "badbad"

and a few others. You can look at the source for it in libpam.

As Shaleh pointed out, cracklib has some extra strength checking, including
a password history (so ppl can't keep using the same two passwords
alternately) and dictionary matching.

-- 
Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux
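
The three checks named in the reply above (palindrome, minimum length, repetition), written out as an added example; this is not part of the original message and is not the libpam source. The function names, the flag values, the minimum length of 6 and the case-insensitive comparison are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; MIN_LEN is an assumed threshold, not a pam_unix value. */
#define MIN_LEN 6
enum { PW_SHORT = 1, PW_PALINDROME = 2, PW_REPEAT = 4 };

/* Case folding is an assumption of this example, so "BadBAD" is also caught. */
static int lc(char c) { return tolower((unsigned char)c); }

/* Reads the same in both directions ("busub"). */
static int is_palindrome(const char *s, size_t n) {
    for (size_t i = 0; i < n / 2; i++)
        if (lc(s[i]) != lc(s[n - 1 - i])) return 0;
    return 1;
}

/* Whole string is one shorter unit repeated ("badbad" = "bad" twice). */
static int is_repetition(const char *s, size_t n) {
    for (size_t unit = 1; unit <= n / 2; unit++) {
        if (n % unit) continue;              /* unit must tile the string */
        size_t i = unit;
        while (i < n && lc(s[i]) == lc(s[i - unit])) i++;
        if (i == n) return 1;
    }
    return 0;
}

/* Returns a bitmask of every check the candidate fails; 0 means it passed. */
int weak_password_flags(const char *pw) {
    size_t n = strlen(pw);
    int flags = 0;
    if (n < MIN_LEN) flags |= PW_SHORT;
    if (is_palindrome(pw, n)) flags |= PW_PALINDROME;
    if (is_repetition(pw, n)) flags |= PW_REPEAT;
    return flags;
}

int main(void) {
    /* Constructed sample candidates. */
    const char *samples[] = { "busub", "badbad", "BadBAD", "aaaaaa", "tr0ub4dor" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-10s flags=%d\n", samples[i], weak_password_flags(samples[i]));
    return 0;
}
```

Reporting a bitmask rather than the first failure lets the caller tell the user every reason a candidate was rejected, for instance that "busub" is both too short and a palindrome.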