Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 23 Jun 2007 20:22:19 -0600
From: Vincent Danen <vdanen@...sec.ca>
To: owl-users@...ts.openwall.com
Subject: Re: pam_passwdqc and history

* Solar Designer <solar@...nwall.com> [2007-06-24 05:39:39 +0400]:

>Vincent - thank you for asking this question on owl-users rather than
>via private e-mail to me (like some others did).

You're welcome.  I wanted a "public" answer since I wanted to forward
whatever I got back to the Mandriva guys.  =)

I think it's also something that might be useful to see via mailing list
archives and such.

BTW, very good answer and made me think of some things I hadn't thought
of before.  I'm in complete agreement with you.

Of course, that doesn't stop legislaters from specifying they want or
need something like this, so if something like this were to make it's
way into pam_passwdqc (as, from my understanding, pam_cracklib is what
would be doing this, not pam_unix), I think it might make it more
palatable to some people (with the appropriate warnings/compile-time
disablers, etc.).

Thanks for the answer.  I've forwarded it off to the Mandriva
maintainers.  If nothing else, I'd like to get pam_passwdqc to replace
pam_cracklib there (not sure if I can pull off getting them to use tcb,
but we'll see).


-- 
Vincent Danen @ http://linsec.ca/

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.