
Reliably generating good passwords

Reliably generating good passwords

Posted Feb 9, 2017 16:53 UTC (Thu) by joey (guest, #328)
Parent article: Reliably generating good passwords

The other side of the coin is detecting weak passwords when the user tries to use them. The standard way to do that is cracklib (and libpam-cracklib). Unfortunately, cracklib is a pile of heuristics and so it will only detect a small subset of weak passwords. The zxcvbn library is the best thing I've found to try to estimate password entropy. It uses a built-in word list, plus detecting common keyboard patterns in passwords (qwertyu, zxcvbn), and the same techniques password crackers use to mutate words. A libpam-zxcvbn would be nice to have.



Reliably generating good passwords

Posted Feb 9, 2017 20:57 UTC (Thu) by anarcat (subscriber, #66354)

I concur: zxcvbn is awesome. In the meantime, the aforementioned pwqgen is actually part of a larger library called passwdqc that also implements a password checker for PAM... And there's Fedora's libpwquality that also has a PAM module.
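
The approach the first comment attributes to zxcvbn (word list, keyboard patterns, cracker-style mutations), set beside a simple composition heuristic, as an added example that is not part of the thread and is not zxcvbn's or cracklib's own code. The word list, ranks, keyboard rows, substitution table and guess formulas are all constructed assumptions, far smaller and simpler than the real library's.

```python
import math

# Constructed sample data (assumptions): tiny ranked word list, keyboard rows,
# and a table that undoes common "leet" substitutions.
WORDS = {"password": 1, "dragon": 2, "monkey": 3, "letmein": 4, "welcome": 5}
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
LEET = str.maketrans("4@3105$7", "aaeiosst")

def class_heuristic_ok(pw):
    """Stand-in composition rule: length >= 8 plus lower, upper, digit, symbol."""
    kinds = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
             any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= 8 and all(kinds)

def segment_guesses(tok):
    """Cheapest guess count for one substring under any matching pattern."""
    best = 95 ** len(tok)                        # brute force over printable ASCII
    low = tok.lower()
    plain = low.translate(LEET)
    if plain in WORDS:                           # dictionary word, possibly mutated
        g = WORDS[plain]                         # rank in the list = guesses needed
        g *= 2 if tok != low else 1              # capitalisation variant
        g *= 2 if low != plain else 1            # leet substitution variant
        best = min(best, g)
    if len(tok) >= 3 and any(low in r or low in r[::-1] for r in ROWS):
        best = min(best, 36 * 2 * len(tok))      # start key x direction x length
    return best

def estimate_guesses(pw):
    """Minimum product of segment guesses over every way of splitting pw."""
    best = [1] + [math.inf] * len(pw)
    for j in range(1, len(pw) + 1):
        for i in range(j):
            best[j] = min(best[j], best[i] * segment_guesses(pw[i:j]))
    return best[-1]

if __name__ == "__main__":
    for pw in ["P@ssw0rd1!", "zxcvbn", "kT9#vLq2"]:   # constructed samples
        print(f"{pw!r}: composition rule passes={class_heuristic_ok(pw)}, "
              f"estimated guesses={estimate_guesses(pw):,}")
```

The mutated dictionary word satisfies the composition rule yet scores orders of magnitude below the random string of similar length, which is the gap a pattern-based estimator is meant to expose.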

