Notice! This document is currently in Archived status.
The content of this document may be incorrect or outdated.


Choosing a Good Password

Introduction

Whenever you change your ECN password using the Change Password web page or the passwd command, your new password is checked by a password tester. If the password tester decides that the password would be too easy to guess, it describes what is wrong with the newly entered password and refuses to change the password.

A good password is very important. Computers at ECN are directly connected to the Internet. There is a constant stream of attackers trying to gain access to your files, and the only thing stopping them is a good password that is hard to guess.

Below are descriptions of bad passwords and good passwords. Following that is a section describing some tools that you can use to select a new password and a password testing utility that judges a potentially new password on the same criteria as the passwd command.

What Are Bad Passwords?

There are lots of passwords that should be avoided. Here are a few examples:

  • Avoid passwords based on a word in the English dictionary, or in the dictionary of any other language. The classic example of what not to do is setting a password of "password".
  • Avoid passwords based on the reverse of a word in the dictionary. Don't set a password of "drowssap" (which is "password" spelled backwards).
  • Avoid passwords that are too short. Always set a password that is eight characters long.
  • Avoid using passwords that have too many of the same characters. Don't set a password of "mmmmmmmm" or "12345678".
  • Avoid using names. Don't set a password based on your first name, middle name, last name, login name, pet's name, computer's name, etc.
  • Avoid anything that is familiar to you that someone else might know. Don't set a password based on your street address, student ID number, favorite rock band, office location, or most colorful Pokemon character.
  • Avoid substituting numbers for letters. Don't change "E" to "3", "O" to "0", "I" to "1", etc. Most password-cracking tools know to try these substitutions when guessing passwords.

Suggestions For Good Passwords

Very simply, try making up a password that is eight characters long and includes all three types of characters: letters, numbers and symbols. By including all three types of characters, the number of possible passwords grows quite large, making it difficult to guess the password by a brute-force search.

Generating a random password

In order to try to select a good, unguessable password, there is a utility to assist in creating one at random. The utility is called genrpass, and is available on any Solaris 8 workstation or server.

genrpass is based on the ANSI X9.17 standard. It generates a password using one-way DES encryption. It starts out with a random seed number, combines that with a set of two other seeds, and produces the password from the result. The result then becomes the seed for the next password generation.
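The three-seed, feed-forward structure described above is the ANSI X9.17 generator: a key K, a date/time block DT and a state block V, with each step computing I = E_K(DT), R = E_K(I xor V) and then V = E_K(R xor I), so the result feeds the next generation. The example below, written for this article and not taken from genrpass, shows that structure and the mapping of the output block onto a letters/numbers/symbols alphabet. Because Python's standard library has no DES, a keyed SHA-256 truncated to 8 bytes stands in for the 64-bit block encryption; that substitution is an assumption of the example only (genrpass itself links against OpenSSL).

```python
import hashlib
import os
import string
import struct
import time

BLOCK = 8  # X9.17 operates on 64-bit blocks, the DES block size


def make_cipher(key):
    """Stand-in for DES under `key` (assumption: keyed SHA-256 truncated to
    one block plays the role of E_K, since the stdlib has no DES)."""
    def enc(block):
        return hashlib.sha256(key + block).digest()[:BLOCK]
    return enc


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class X917Generator:
    """ANSI X9.17 generator: key K, date/time seed DT and state seed V."""

    def __init__(self, key, seed_v, datetime_block=None):
        self.enc = make_cipher(key)
        self.v = seed_v                 # state; updated after every block
        self.dt = datetime_block        # fixed DT for reproducible tests

    def next_block(self):
        dt = self.dt or struct.pack(">d", time.time())   # 8-byte time value
        i = self.enc(dt)                                 # I = E_K(DT)
        r = self.enc(xor(i, self.v))                     # R = E_K(I xor V)
        self.v = self.enc(xor(r, i))                     # V = E_K(R xor I)
        return r


SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
LIMIT = 256 - 256 % len(ALPHABET)   # reject bytes above this to avoid bias


def has_all_classes(pw):
    return (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw))


def random_password(gen, length=8):
    """Turn generator output into a password containing all three classes;
    a candidate missing a class is discarded and a fresh one drawn."""
    while True:
        chars = []
        while len(chars) < length:
            for b in gen.next_block():
                if b < LIMIT:
                    chars.append(ALPHABET[b % len(ALPHABET)])
                if len(chars) == length:
                    break
        pw = "".join(chars)
        if has_all_classes(pw):
            return pw


if __name__ == "__main__":
    # Real use: both seeds come from the operating system's random source.
    gen = X917Generator(os.urandom(BLOCK), os.urandom(BLOCK))
    for _ in range(3):
        print(random_password(gen))
```

With fixed seeds the sequence is reproducible, which is why a real generator must draw K and V from a source an attacker cannot observe; in current Python the simpler route to the same eight-character, three-class password is `secrets.choice` over the alphabet with the same rejection loop.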

See the manual page for genrpass for more information.

Testing passwords

Selecting a password that will be acceptable to passwd may be difficult. Instead of entering in the password several times, it is easier to test the password ahead of time with a password testing program called passtest.

passtest accepts passwords, one line at a time, and outputs the results. If the result says ok, then the password would be a candidate for entering into the passwd command. If the password is unacceptable, the problem description will be shown.

See the manual page for passtest for more information.

Download

Download the source for genrpass by clicking below. The source code should work on most UNIX systems, but you will need the OpenSSL and Cracklib libraries in order to get everything to link. Adjust the Makefile to point to the paths for OpenSSL and Cracklib.

  • genrpass.tgz (Last updated Thursday, September 23, 2004, Size 3,575 bytes)
  • genrpass.tgz.asc (Last updated Thursday, September 23, 2004, Size 65 bytes)

Also, the source code to passtest is already part of the Cracklib library. Its original name is util/testlib.c.

Last Modified: Aug 1, 2023 4:06 pm GMT-4
Created: Oct 8, 2007 9:27 am GMT-4 by admin