Linux check passwords against a dictionary attack

Posted by Vivek Gite [Last updated: December 21, 2006]

A dictionary attack is used to guess passwords.

Wikipedia defines:
A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities.

A dictionary attack also exploits the tendency of people to choose weak passwords, and is related to the previous attack. Password cracking programs usually come equipped with "dictionaries", or word lists, with thousands or even millions of entries of several kinds, including:
=> Words in various languages
=> Names of people
=> Places
=> Commonly used passwords etc

However, the existence of these dictionary attack tools demonstrates the relative strengths of different password choices against such attacks.

Check user passwords against a dictionary attack

Linux can be configured to verify that passwords cannot be guessed easily (i.e. to reject weak passwords) using the PAM module pam_cracklib.so. It checks the new password against dictionary words. A user is not allowed to set a new password unless the conditions are satisfied (i.e. a weak password is not allowed).

Open the password configuration file for your Linux distribution and modify it as follows.

Redhat/Fedora/CentOS Linux

The cracklib PAM module is installed by default, so there is no need to install anything. Just open the config file:
# vi /etc/pam.d/system-auth
Append/modify as follows:
password required /lib/security/pam_cracklib.so retry=2 minlen=10 difok=6

Debian or Ubuntu Linux

First install the libpam-cracklib PAM module to enable cracklib support.
# apt-get install libpam-cracklib
or
$ sudo apt-get install libpam-cracklib
Now open the config file:
# vi /etc/pam.d/common-password
Append/modify as follows:
password required pam_cracklib.so retry=2 minlen=10 difok=6

Save and close the file

Where,

Please note that restrictions are only applied to normal users (not to root user).
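
To confirm the setting is actually active after editing, the script below audits a PAM password stack for the pam_cracklib line. It is an added example, not part of the original article; the function names `cracklib_opts` and `audit_cracklib` are hypothetical, and the baseline it compares against (minlen=10, difok=6) is simply the values used on this page.

```shell
#!/bin/sh
# Added example: audit a PAM password stack for the pam_cracklib line.
#   retry  = how many times the user is prompted before passwd gives up
#   minlen = minimum size of the new password (length plus character-class credits)
#   difok  = how many characters must differ from the old password

# Print "retry=N minlen=N difok=N" for the first active pam_cracklib line in
# file $1 ("unset" for a missing or non-numeric option); return 1 if none.
cracklib_opts() {
    awk '
        /^[ \t]*#/ { next }                    # commented-out lines do nothing
        $1 == "password" {
            # The module may be a bare name or a full path; accept both forms.
            for (m = 3; m <= NF; m++)
                if ($m == "pam_cracklib.so" || $m ~ /\/pam_cracklib\.so$/) break
            if (m > NF) next
            opt["retry"] = opt["minlen"] = opt["difok"] = "unset"
            for (i = m + 1; i <= NF; i++)
                if (split($i, kv, "=") == 2 && (kv[1] in opt) && kv[2] ~ /^[0-9]+$/)
                    opt[kv[1]] = kv[2]
            print "retry=" opt["retry"], "minlen=" opt["minlen"], "difok=" opt["difok"]
            found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Return 0 if the line is at least as strict as this page (minlen>=10, difok>=6),
# 1 if it is weaker or incomplete, 2 if pam_cracklib is not active at all.
audit_cracklib() {
    opts=$(cracklib_opts "$1") || { echo "FAIL: no active pam_cracklib line in $1"; return 2; }
    minlen=${opts#*minlen=}; minlen=${minlen%% *}
    difok=${opts##*difok=}
    case "$minlen$difok" in
        *[!0-9]*) echo "WARN: option unset: $opts"; return 1 ;;
    esac
    if [ "$minlen" -ge 10 ] && [ "$difok" -ge 6 ]; then
        echo "OK: $opts"
    else
        echo "WARN: weaker than baseline: $opts"; return 1
    fi
}

# Constructed sample stack (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# password required pam_cracklib.so minlen=4
password required /lib/security/pam_cracklib.so retry=2 minlen=10 difok=6
EOF
audit_cracklib "$sample"      # prints: OK: retry=2 minlen=10 difok=6
rm -f "$sample"
```

On a real system, call `audit_cracklib` with the file you edited. Because pam_cracklib counts character-class credits toward minlen by default, a password that mixes classes can pass with fewer characters than the minlen value.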


Copyright © 2004-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.