Comments on: Howto: Protect account against a password cracking attack http://www.cyberciti.biz/tips/howto-protect-account-against-password-crack-attack.html This is a Linux sys admin journal by Vivek about sys admin work, Linux tips & tricks, hacks, news and more. Fri, 10 Feb 2012 20:37:43 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Harkahttp://www.cyberciti.biz/tips/howto-protect-account-against-password-crack-attack.html#comment-143891 Harka Mon, 26 May 2008 12:15:02 +0000 http://www.cyberciti.biz/tips/howto-protect-account-against-password-crack-attack.html#comment-143891 > Do not write down password I disagree with that. In this day and age there's almost no way to NOT write down passwords. I see it this way: when you do write it down (assuming, of course, you store everything in a reasonably secure place...like your wallet) it makes it much easier to choose GOOD passwords, as opposed to lousy one's just so you can remember them... Btw., most authentication routines use 128-bit encryption/hashing, incl. Linux passwords (MD5). In order to make your passwords at least as strong as the underlying algorithm you need at least 28 *randomly chosen* characters, if you were only picking from the 26 lower-case english alphabet. Picked from upper and lower-case (52 chars) you'd need 23 randomly chosen characters and if you add the 0-9 numbers into the mix (62 chars), you'd still need at least 22 random characters out of that. Now you know how weak your password really is compared to the technical implementation of it :-) > Do not write down password

I disagree with that. In this day and age there’s almost no way to NOT write down passwords.
I see it this way: when you do write it down (assuming, of course, you store everything in a reasonably secure place…like your wallet) it makes it much easier to choose GOOD passwords, as opposed to lousy one’s just so you can remember them…

Btw., most authentication routines use 128-bit encryption/hashing, incl. Linux passwords (MD5). In order to make your passwords at least as strong as the underlying algorithm you need at least 28 *randomly chosen* characters, if you were only picking from the 26 lower-case english alphabet. Picked from upper and lower-case (52 chars) you’d need 23 randomly chosen characters and if you add the 0-9 numbers into the mix (62 chars), you’d still need at least 22 random characters out of that.
Now you know how weak your password really is compared to the technical implementation of it :-)

]]> By: nixcrafthttp://www.cyberciti.biz/tips/howto-protect-account-against-password-crack-attack.html#comment-93662 nixcraft Mon, 19 Mar 2007 15:19:38 +0000 http://www.cyberciti.biz/tips/howto-protect-account-against-password-crack-attack.html#comment-93662 You cannot decrypt passwords in the /etc/shadow. You can just encrypt password and compare with /etc/shadow version using API You cannot decrypt passwords in the /etc/shadow. You can just encrypt password and compare with /etc/shadow version using API

]]> By: amnjuhttp://www.cyberciti.biz/tips/howto-protect-account-against-password-crack-attack.html#comment-92098 amnju Sun, 18 Mar 2007 06:14:07 +0000 http://www.cyberciti.biz/tips/howto-protect-account-against-password-crack-attack.html#comment-92098 hi.. can u reply to my mail how you can decrypt passwords in the /etc/shadow file..... hi..
can u reply to my mail how you can decrypt passwords in the /etc/shadow file…..

]]>