Subject: Re: Insecure Password?
To: Feico Dillema <email@example.com>
From: Michael C. Richardson <firstname.lastname@example.org>
Date: 07/10/1998 12:21:15
>>>>> "Feico" == Feico Dillema <email@example.com> writes:
Feico> Opinion: I think this should be regarded as a security bug, although minor.
Feico> The usefulness of allowing control characters seems rather limited to me,
Feico> as these are often difficult to reproduce on different
Feico> systems/keyboards/configurations. I think the `passwd' command
On the other hand, I can think of no better way to force root logins to
be from a particular set of keyboard(s), perhaps with specific keymaps
Maybe passwd should complain once, but for root, let you continue anyway.
Feico> such a password is rather weak, it has about the strength of a four digit
Feico> password where an 8 digit is expected.
Unless the attacker knows that the keyboard was in numlock mode, they still
have to brute force all 8 digit passwords.
:!mcr!: | "Elegant and extremely rapid for calculation are the
Michael Richardson | techniques of Young tableaux. They also have the merit
| of being fun to play with." - p.47 Intro to Quarks&Partons
Personal: firstname.lastname@example.org. PGP key available.