Subject: Re: Insecure Password?
To: Feico Dillema <>
From: Michael C. Richardson <>
List: tech-security
Date: 07/10/1998 12:21:15
>>>>> "Feico" == Feico Dillema <> writes:
    Feico> Opinion: I think this should be regarded as a security bug, although minor.
    Feico> The usefulness of allowing control characters seems rather limited to me,
    Feico> as these are often difficult to reproduce on different 
    Feico> systems/keyboards/configurations. I think the `passwd' command

  On the other hand, I can think of no better way to force root logins to
be from a particular set of keyboard(s), perhaps with specific keymaps
  Maybe passwd should complain once, but for root, let you continue anyway.

    Feico> such a password is rather weak, it has about the strength of a four digit 
    Feico> password where an 8 digit is expected.

  Unless the attacker knows that the keyboard was in numlock mode, they still
have to brute force all 8 digit passwords.

   :!mcr!:            |  "Elegant and extremely rapid for calculation are the 
   Michael Richardson | techniques of Young tableaux. They also have the merit
                      | of being fun to play with." - p.47 Intro to Quarks&Partons
 Personal: PGP key available.