Security criteria

Robert Day zarin at dscn.net
Mon Jan 5 11:12:50 PST 2004


On Mon, 2004-01-05 at 13:15, Robert Connolly wrote:

> Logins obviously need to be secure. Password authentication seems to be the
> standard, but not as good as DNA and/or retinal scans. This would mean
> running cracklib or some other password checker on new passwords, and
> rejecting short or easy ones. Word lists should be in more languages than
> English; what are the second and third most common languages? Chinese and
> French, I think. I theorize a dynamically linked suid passwd program could
> accept malicious code to bypass cracklib, so password checking should also be
> done at login. To keep this extra login checking from becoming a denial of
> service, logins are default deny by the daemon, and anything else upstream,
> before a password is evaluated.

Another interesting idea is to look at such concepts as smart card
authentication. Cards like the Bell QuickChange cards, the satellite
dish cards, etc. all can store authentication information. I know it's
a hardware thing, but might be worth at least a mention ;)

  Rob Day (BOFH)
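
The double check described in the quoted paragraph, as an added example that is not part of either message: the same policy runs when a password is set and again at login, behind a default-deny gate that is tested before any password is evaluated. The word lists, `MIN_LENGTH`, the allow-list and all function names are assumptions made for illustration; cracklib itself is not used.

```python
import hashlib
import hmac
import os

# Constructed sample word lists; a real deployment would load full dictionaries.
WORDLISTS = {
    "english": {"password", "letmein", "dragon"},
    "french": {"bonjour", "soleil", "motdepasse"},
    "chinese_pinyin": {"woaini", "nihao", "mima"},
}
MIN_LENGTH = 10  # assumed policy value

def policy_ok(password):
    """Reject short passwords and listed words padded with digits or symbols."""
    if len(password) < MIN_LENGTH:
        return False
    core = password.lower().strip("0123456789!@#$%^&*")
    return not any(core in words for words in WORDLISTS.values())

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def set_password(db, user, password):
    """Change-time check, the step the message assigns to cracklib."""
    if not policy_ok(password):
        return False
    salt = os.urandom(16)
    db[user] = (salt, derive(password, salt))
    return True

def login(db, allowed_users, user, password):
    """Default deny: the cheap allow-list test runs before any hashing."""
    if user not in allowed_users or user not in db:
        return False
    salt, stored = db[user]
    if not hmac.compare_digest(stored, derive(password, salt)):
        return False
    # Re-check at login: catches a weak password stored without set_password().
    return policy_ok(password)
```

A correct but weak password is refused at login here, so an entry written by a tampered password-change program does not grant access.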



