HPE Community
Operating System - OpenVMS
1751822 Members
5198 Online
108782 Solutions
New Discussion юеВ

increasing complexity of login passwords

 
SOLVED
Go to solution
sandyt
Frequent Advisor

тАО07-01-2009 01:15 AM

тАО07-01-2009 01:15 AM

increasing complexity of login passwords

Using openvms 7.3-2 on an alpha server.

We want to require more complex passwords than what we have currently setup, but don't want to use genpwd -- i.e. something that would forbid "easy to guess passwords" such as "112233" or "asdf12" (which appear to be O.K. as far as the pwddic is concerned).

Any pointers/links will be appreciated.

Thanks
0 Kudos
5 REPLIES 5
Duncan Morris
Honored Contributor

тАО07-01-2009 01:40 AM

тАО07-01-2009 01:40 AM

Solution

Re: increasing complexity of login passwords

Sandyt,

you can set up your own password policy checker.

See the excellent write up and links from Steve Hoffman at

http://labs.hoffmanlabs.com/node/643

Duncan
0 Kudos
Joseph Huber_1
Honored Contributor

тАО07-01-2009 02:02 AM

тАО07-01-2009 02:02 AM

Re: increasing complexity of login passwords

As Duncan wrote, You can add your own password policy module.
Or simpler you can add your easy to guess passwords to the password dictionary.
And I question why "asdf12" is easier to guess than any other 6 character password. As a first action I would require at least 8 character passwords.
http://www.mpp.mpg.de/~huber
0 Kudos
sandyt
Frequent Advisor

тАО07-01-2009 08:02 PM

тАО07-01-2009 08:02 PM

Re: increasing complexity of login passwords

Thanks for the quick response.

You are correct that increasing password length would help, but at the moment I can only "tweak" existing policy.

I will try the macro32 password policy.

As a stop-gap, are there maybe any "improved" password dictionary additions that are available to download?

Thanks
0 Kudos
Joseph Huber_1
Honored Contributor

тАО07-02-2009 12:30 AM

тАО07-02-2009 12:30 AM

Re: increasing complexity of login passwords

Maybe a search for "password dictionary file" will find some.
Also password security checker programs like JohnTheRipper contain dictionary files, especially those frequently used by cracker programs.
( http://www.openwall.com/john/ )

To add dictionaries to the VMS dictionay file, see the following files at
http://wwwvms.mppmu.mpg.de/vms$common/sysmgr/

ADD_PASSWORD_DICTIONARY.COM
convert_list_to_password_dictionary.com
merge_password_dictionary.com

The convert_list... procedure converts a text-file with one password per line into a VMS formatted (ISAM) file, which then can be merged into a VMS dictionary file.
http://www.mpp.mpg.de/~huber
0 Kudos
Hoff
Honored Contributor

тАО07-02-2009 05:33 AM

тАО07-02-2009 05:33 AM

Re: increasing complexity of login passwords

Follow the Passwords taxonomy around the site for more than you probably care on this topic:

http://labs.hoffmanlabs.com/taxonomy/term/112

Articles include John The Ripper and other brute-force attacks, dictionary updates, generated passwords, no-password logins, certificates, Kerberos and single-signon, the aforementioned password filter, etc.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.