FAS password complexity requirements

Kevin Fenzi kevin at scrye.com
Sun Mar 20 00:09:17 UTC 2011


On Sun, 20 Mar 2011 12:53:05 +1300
Jose Mathew Manimala <josemanimala at gmail.com> wrote:

> Also, I would think we should not allow for same characters adjacent
> to each other.
> 
> For ex, Say - "rep at rcuss1on" this would be hard but a brute force can
> still crack this....  (offline password crack using johntheripper
> recent rootkit.com exploit).

Well, we want to be careful not to make it too restrictive... because
if you have enough rules you are reducing the pool of possible
addresses, in the end making it easier to brute force. :) 
(So long as the rules are known, and we would need to tell our users
that, so an attacker would know as well.)

Setting up a slowdown in fas for login attempts could also help prevent
brute force. (I.e., failed attempts take 2x as long each time, etc.)

kevin
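Both of Kevin's points, worked through in code. This is an added example, not code from the thread or from FAS: it quantifies how much the "no adjacent repeated characters" rule shrinks the password space (assuming a 95-character printable ASCII alphabet) and sketches a per-account doubling delay for failed logins, with a cap so the slowdown cannot be turned into a lockout of the legitimate user.

```python
import math
from dataclasses import dataclass, field


def keyspace_bits(alphabet_size: int, length: int, forbid_adjacent_repeats: bool) -> float:
    """Entropy (bits) of the space of passwords an attacker must search.

    Without the rule every position is free: k**n candidates.
    With the rule the first position has k choices and every later one
    k-1 (it may not equal its predecessor): k * (k-1)**(n-1) candidates.
    """
    if forbid_adjacent_repeats:
        count = alphabet_size * (alphabet_size - 1) ** (length - 1)
    else:
        count = alphabet_size ** length
    return math.log2(count)


def bits_lost_to_rule(alphabet_size: int, length: int) -> float:
    """How many bits the adjacent-repeat rule removes from a published policy."""
    return keyspace_bits(alphabet_size, length, False) - keyspace_bits(alphabet_size, length, True)


@dataclass
class LoginThrottle:
    """Per-account slowdown: each failure doubles the delay before the next try.

    Assumed policy (not FAS's): 1 s after the first failure, doubling, capped
    at max_delay so an attacker hammering someone else's account cannot lock
    that user out indefinitely. A successful login resets the counter.
    """
    base_delay: float = 1.0
    max_delay: float = 300.0
    failures: dict = field(default_factory=dict)

    def delay_for(self, account: str) -> float:
        n = self.failures.get(account, 0)
        if n == 0:
            return 0.0
        return min(self.base_delay * 2 ** (n - 1), self.max_delay)

    def record(self, account: str, success: bool) -> None:
        if success:
            self.failures.pop(account, None)
        else:
            self.failures[account] = self.failures.get(account, 0) + 1
```

For a 12-character password over 95 symbols the rule costs only about 0.17 bits, so it barely helps an attacker who knows it; the throttle is what actually changes the cost of online guessing.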