07-01-2009 01:15 AM
We want to require more complex passwords than what we have currently setup, but don't want to use genpwd -- i.e. something that would forbid "easy to guess passwords" such as "112233" or "asdf12" (which appear to be O.K. as far as the pwddic is concerned).
Any pointers/links will be appreciated.
Solved! Go to Solution.
07-01-2009 01:40 AM
you can set up your own password policy checker.
See the excellent write up and links from Steve Hoffman at
07-01-2009 02:02 AM
Or simpler you can add your easy to guess passwords to the password dictionary.
And I question why "asdf12" is easier to guess than any other 6 character password. As a first action I would require at least 8 character passwords.
07-01-2009 08:02 PM
You are correct that increasing password length would help, but at the moment I can only "tweak" existing policy.
I will try the macro32 password policy.
As a stop-gap, are there maybe any "improved" password dictionary additions that are available to download?
07-02-2009 12:30 AM
Also password security checker programs like JohnTheRipper contain dictionary files, especially those frequently used by cracker programs.
( http://www.openwall.com/john/ )
To add dictionaries to the VMS dictionay file, see the following files at
The convert_list... procedure converts a text-file with one password per line into a VMS formatted (ISAM) file, which then can be merged into a VMS dictionary file.
07-02-2009 05:33 AM
Articles include John The Ripper and other brute-force attacks, dictionary updates, generated passwords, no-password logins, certificates, Kerberos and single-signon, the aforementioned password filter, etc.