Re: increasing complexity of login passwords (215 Views)
Frequent Advisor
sandyt
Posts: 99
Registered: ‎06-10-2007
Message 1 of 6 (215 Views)
Accepted Solution

increasing complexity of login passwords

Using OpenVMS 7.3-2 on an Alpha server.

We want to require more complex passwords than what we have currently set up, but don't want to use genpwd -- i.e. something that would forbid "easy to guess passwords" such as "112233" or "asdf12" (which appear to be O.K. as far as the pwddic is concerned).

Any pointers/links will be appreciated.

Thanks
Honored Contributor
Duncan Morris
Posts: 666
Registered: ‎08-07-2003
Message 2 of 6 (215 Views)

Re: increasing complexity of login passwords

Sandyt,

you can set up your own password policy checker.

See the excellent write up and links from Steve Hoffman at

http://labs.hoffmanlabs.com/node/643

Duncan
Honored Contributor
Joseph Huber_1
Posts: 1,082
Registered: ‎02-03-2004
Message 3 of 6 (215 Views)

Re: increasing complexity of login passwords

As Duncan wrote, you can add your own password policy module.
Or, simpler, you can add your easy-to-guess passwords to the password dictionary.
And I question why "asdf12" is easier to guess than any other 6 character password. As a first action I would require at least 8 character passwords.
http://www.mpp.mpg.de/~huber
Frequent Advisor
sandyt
Posts: 99
Registered: ‎06-10-2007
Message 4 of 6 (215 Views)

Re: increasing complexity of login passwords

Thanks for the quick response.

You are correct that increasing password length would help, but at the moment I can only "tweak" existing policy.

I will try the macro32 password policy.

As a stop-gap, are there maybe any "improved" password dictionary additions that are available to download?

Thanks
Honored Contributor
Joseph Huber_1
Posts: 1,082
Registered: ‎02-03-2004
Message 5 of 6 (215 Views)

Re: increasing complexity of login passwords

Maybe a search for "password dictionary file" will find some.
Also password security checker programs like JohnTheRipper contain dictionary files, especially those frequently used by cracker programs.
( http://www.openwall.com/john/ )

To add dictionaries to the VMS dictionary file, see the following files at
http://wwwvms.mppmu.mpg.de/vms$common/sysmgr/

ADD_PASSWORD_DICTIONARY.COM
convert_list_to_password_dictionary.com
merge_password_dictionary.com

The convert_list... procedure converts a text-file with one password per line into a VMS formatted (ISAM) file, which then can be merged into a VMS dictionary file.
http://www.mpp.mpg.de/~huber
Honored Contributor
Hoff
Posts: 4,907
Registered: ‎01-29-2006
Message 6 of 6 (215 Views)

Re: increasing complexity of login passwords

Follow the Passwords taxonomy around the site for more than you probably care on this topic:

http://labs.hoffmanlabs.com/taxonomy/term/112

Articles include John The Ripper and other brute-force attacks, dictionary updates, generated passwords, no-password logins, certificates, Kerberos and single-signon, the aforementioned password filter, etc.
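
The kind of check a site-specific password policy filter could apply to catch patterns such as "112233" and "asdf12", as an added example that is not from this thread or from the linked HoffmanLabs articles. The function names, the QWERTY layout and the run-length threshold are assumptions, and hooking the check into the OpenVMS policy module is not shown.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* QWERTY rows (assumed layout); neighbours on a row count as a pattern step. */
static const char *const ROWS[] = { "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm" };

/* 1 if b follows a predictably: same character, next/previous letter or
   digit, or the key directly left/right of a on a keyboard row. */
static int linked(int a, int b)
{
    size_t r;
    a = tolower(a); b = tolower(b);
    if (!isalnum(a) || !isalnum(b)) return 0;
    if (a == b || abs(a - b) == 1) return 1;
    for (r = 0; r < sizeof ROWS / sizeof ROWS[0]; r++) {
        const char *pa = strchr(ROWS[r], a), *pb = strchr(ROWS[r], b);
        if (pa && pb && (pb - pa == 1 || pa - pb == 1)) return 1;
    }
    return 0;
}

/* Number of maximal pattern runs: "112233" is 1 run, "asdf12" is 2. */
int pattern_runs(const char *pw)
{
    int runs = (*pw != '\0');
    for (; pw[0] && pw[1]; pw++)
        if (!linked((unsigned char)pw[0], (unsigned char)pw[1])) runs++;
    return runs;
}

/* Hypothetical rule: reject when the runs average three or more characters. */
int too_patterned(const char *pw)
{
    size_t len = strlen(pw);
    return len > 0 && (size_t)pattern_runs(pw) * 3 <= len;
}

int main(void)
{
    /* Constructed samples: the two passwords from the question plus one
       with no sequence or keyboard pattern. */
    const char *samples[] = { "112233", "asdf12", "k7p2xq" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s runs=%d %s\n", samples[i], pattern_runs(samples[i]),
               too_patterned(samples[i]) ? "REJECT" : "ok");
    return 0;
}
```

A check like this complements the dictionary rather than replacing it: ordinary words pass it and still need a dictionary entry.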