Re: How to suggest passwords for NIS?

Neil Edwards · ‎05-15-2003

Hello, O Great Ones:

We are running NIS and therefore can't run trusted passwords. Does anybody know a way to automatically create "good" passwords so that users can choose one. All of my attempts to script this create "good" (secure) passwords but many are very difficult to remember. The users then write them down in a "secret" place (like taped underneath their keyboards). I would really like to find a way to suggest easily remembered but still secure (difficult to guess) passwords.

Any ideas will be richly rewarded.

Thanks,
Neil

It wasn't me.

A. Clay Stephenson · ‎05-15-2003

If this were me, I would randomly choose between formats, e.g. word, digit, word; word, puncuation, word, digit; etc. The trick is to find a list of words. I would go look for the Gnu Scrabble source code and grab the 2,3,and 4 letter words to serve as a list.

If it ain't broke, I can fix that.

Zeev Schultz · ‎05-15-2003

Try this one (GPW)
http://www.multicians.org/thvv/tvvtools.html#gpw

Regards,
Zeev

So computers don't think yet. At least not chess computers. - Seymour Cray

Shannon Petry · ‎05-15-2003

If your interested, I used the GPW code, and enhanced it quite a bit. I gave it standard arguments so that you can use numbers and case randomness scrambling words further.

The same basic code exists, and works the same way. I just prefer swaping 5 for S when possible, and same with 0 for o, and 1 for L.

I submitted my code to the creator of gpw, but he didnt like the changes very much. Oh well, it works for me ;)

I can post the source if you like.

Shannon

Microsoft. When do you want a virus today?

Neil Edwards · ‎05-15-2003

Thanks guys. If possible, I would like a script solution instead of "C". I did download the "Scrabble" source and I think I found the file (scrabbledict) that A. Clay was talking about. It has a good list of words. I now just need to somehow pick one at random and combine it with numbers and characters like "!".

It wasn't me.

Shannon Petry · ‎05-15-2003

There is not really a script solution available nor would I recommend one.

At best, a script would have to extract randome entries from a word list and add digits to it. This is not very efficient, and the randomness is very small.

At worst, you create sequences and stash the last result. This creates a very easy to hack situation, and obviously since you have to stash the last result you stash someones password.

So, in essense once you start using either patterns or word lists and storing things, your security is completely shot.

The reason that GPW works (and my modifications to it) is as follows.

First, the dictionary on a system is parsed and split into triplets. These triplets are stored in the code.

When a user requests a password, a random number seeded with a time stamp are used to extract strings, and generate the password by assembling strings up to a specific length. GPW allowed passwords less than 4 chars and core dumped on 3 or less. My modified code requires 6.

If you wanted a scripting method, then perhaps write a script and parse 8 characters incrementing them in pairs of 4. Again though, you would quickly have everyone knowing that since their password is aaa1bbb2, someone elses is aaa2bbb3.

Regards,
Shannon

Microsoft. When do you want a virus today?

A. Clay Stephenson · ‎05-15-2003

If you insist upon a scripted solution (and if Perl counts as scripting for your purposes) then attach your dictionary (Again, I would limit it to 2,3,4, and maybe 5 letter words) and I think I can whip up a fairly decent generator in a few minutes.

If it ain't broke, I can fix that.

Neil Edwards · ‎05-15-2003

Thanks Clay. Here's my dictionary (adapted from "Scrabble")

It wasn't me.

James R. Ferguson · ‎05-15-2003

Hi Neil:

If you want a simple "script solution", here's one that generates n-size passwords of random letters and numbers. It is easily changed to include special characters, etc.

Pass the number of characters you want the output length to be as the argument to the script.

#!/usr/bin/sh
set -A ARY 1 2 3 4 5 6 7 8 9 0 a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
typeset -i I=0
typeset -i N=$1
while (( I < N ))
do
PW=${PW}${ARY[`echo "${RANDOM}%62+1"|bc`]}
let I=I+1
done
echo ${PW}
exit 0

Regards!

...JRF...

Neil Edwards · ‎05-15-2003

Hi JRF,

Thanks for your response. Many of my attempts resemble yours. The problem is that while these are "good" (secure) passwords, they are also hard for the user to remember. They then get taped under the keyboard or stuck in a drawer which defeats the whole purpose.

Thanks,
Neil

It wasn't me.

A. Clay Stephenson · ‎05-15-2003

Hi Neil:

This here's my attempt at this here thang. It was plumb scary on account of it actually ran the first time.
It also ran on my PC which speaks Perl.

Look for @pattern_array, you can make additional "patterms" like word, digit, word, punctuation" here. Make certain that each one ends with -1.

Basically this guy seeds the random number generator with a hash of time, pid, and a bit of FUZZ. The section near the end are where the rules are placed. Currently it just
loops until the MIN_LENGHT and MAX_LENGHT conditions are satisfied.

Attached is randompw.pl.

Now, how do you get them folks to use these here
passwords?

Yppasswd ain't that picky about no password construction.

Regards, Clay

If it ain't broke, I can fix that.

Neil Edwards · ‎05-15-2003

Thanks Clay.

It worked and is very close to what I'm looking for. My perl skills are not very good but I always need an excuse to buy more books. If I try to execute randompw.pl directly, it does not work but if I execute "perl randowpw.pl" it runs. I have the permissions set to rwxrwxrwx. I guess I need to tell the system that executable files that end with ".pl" are perl. How do I do that?

Thanks for all your help,
Neil

It wasn't me.

A. Clay Stephenson · ‎05-15-2003

Neil, Neil, Neil ...

UNIX don't know nothing about no file suffixes. You must be confusing UNIX with one of them "real" OS's.

1) Change your permissions to 755 (or at most 775); nothing don't need to be 777.

2) The real problem is the "shebang" at the beginning.
It's currently set to
#!/usr/bin/perl -w

You need to change it to suit your environment. e.g. #!/opt/perl5/bin/perl -w

I actually prefer to have a symbolic link in /usr/bin pointing to the actual perl executable.

e.g
ln -s /opt/perl5/bin/perl /usr/bin/perl

That should fix you, Clay

If it ain't broke, I can fix that.

Neil Edwards · ‎05-15-2003

Thanks Clay. That worked. You really went the "extra mile" to help me. I must confess that I do Windows often.

I also want to thank everyone for your suggestions.

BTW, I don't allow users to change passwords.

Thanks,
Neil

It wasn't me.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: How to suggest passwords for NIS?

How to suggest passwords for NIS?