Security criteria

Thomas Sutton thsutton at utas.edu.au
Mon Jan 5 12:27:35 PST 2004


On Tue, 2004-01-06 at 06:26, Tobias Lang wrote:
> On Mon, 05 Jan 2004 13:15:44 -0500
> Robert Connolly <cendres at videotron.ca> wrote:
> 
> > Logins obviously need to be secure. Password authentication seems to be the 
> > standard, but not as good as DNA and/or retinal scans. This would mean 
> > running cracklib or some other password checker on new passwords, and 
> > rejecting short or easy ones. Word lists should be in more languages than 
> > English; what are the second and third most common languages? Chinese and 
> > French I think. 
> 
> I would split this up for regions. I don't think there are many Chinese passphrases
> in the "western" world (despite universities). I would prefer English, Spanish,
> French as a standard base plus optional dictionaries depending on where you are from!

You'd also need to include the dead and pretend languages that people
are likely to use. Klingon and Latin both spring to mind. Latin will be
likely in some industries (e.g. Law, the sciences and academia in
general) and Klingon (from Star Trek) has more speakers than many real,
live languages.

I'm not sure I see the reasoning behind only using local dictionaries?
Is not the intent of denying dictionary words to lessen the chance of an
easily guessable password? If so then we must assume that the likelihood
of a word being attempted as a guess is proportional to its usage.
Languages that have a higher usage than English (Chinese and Spanish I
think) would therefore almost certainly have to be included.

Either that or have the init scripts do something like:

{
	cat /etc/motd.in
	echo "No unauthorised access"
	echo "Password guessing in $LANG only!"
} > /etc/motd

:-)

Cheers,
Thomas Sutton
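
The trade-off discussed in this thread, as an added example that is not part of the original post: a password check run once against only the local language's word list and once against every list. The word lists, `MIN_LENGTH`, and the function names are constructed for illustration; a real deployment would load full dictionaries such as those fed to cracklib.

```python
import unicodedata

# Constructed miniature word lists keyed by language code (illustrative only).
WORDLISTS = {
    "en": {"password", "dragon", "sunshine"},
    "es": {"contraseña", "estrella", "mariposa"},
    "fr": {"soleil", "bonjour", "motdepasse"},
    "la": {"veritas", "imperator"},
    "tlh": {"qapla", "batleth"},  # Klingon, transliterated
}

MIN_LENGTH = 8  # assumed policy value, not taken from the thread


def normalise(candidate):
    """Case-fold, strip accents, and drop digits/punctuation at either end."""
    decomposed = unicodedata.normalize("NFKD", candidate.casefold())
    letters = "".join(c for c in decomposed if not unicodedata.combining(c))
    return letters.strip("0123456789!@#$%^&*._-")


def check_password(candidate, languages=None):
    """Return (accepted, reason); languages=None checks every word list."""
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    stem = normalise(candidate)
    for lang in (languages or WORDLISTS):
        # Normalise the dictionary side too, so accented entries still match.
        if stem in {normalise(w) for w in WORDLISTS[lang]}:
            return False, f"dictionary word ({lang})"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("Estrella1", "Contraseña2004", "Veritas!!", "xk7#Tq9pLm2"):
        print(pw, "| local only:", check_password(pw, ["en"]),
              "| all lists:", check_password(pw))
```

A check limited to the local list accepts `Estrella1` and `Veritas!!`, while the check across all lists rejects both.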




More information about the hlfs-dev mailing list