What's in a password?

A standard unix password can be up to eight characters. It may
contain numbers, letters, and most special characters.

Some of the available characters:
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
1234567890
!@#$%^&*()_+=[]{};':",./?

Elements of a secure password:
What are the elements of a good password? First, let's list some things
your password should NOT be.

* Any word in any language or dictionary (English, Spanish, German)
* Words with one alteration (4play, look@, this1)
* Any name (john, jane, brenda, fred)
* All upper or lowercase words (PARTY, tricky, SECURE)
* Sequences [keyboard, alpha, numeric] (qwerty, asdfg, bcdefg, 123456)
* Words with missing letters (hvywght, lsrbm, cmptr)
* 'elite speak' [number substitution] (pr0j3ct, k3yb04rd)

What are some elements of a good password if I can't use any of that?!

* Use a combination of letters, numbers, special characters, upper and lower case.
* A password that is not used anywhere else
* Minimum of 7 characters
* At least one uppercase letter, one lowercase letter,
one number, one special character

To illustrate why you should follow these guidelines, let's look at
a popular utility called Crack that intruders might use to guess your
password. Since the unix password function is a one-way function,
the program cannot truly break the encrypted string. Instead, programs
like this take a huge list of words and encrypt each one using the
same function. From there, the program simply compares each encrypted
word to your encrypted password. When it finds a match, it has
successfully guessed your password.

For example: If you chose the password "$hEllo!", it may look like
"Vz0uAiTtjVL1g" once encrypted. So Crack will go through each of the
words in its dictionary, try each rule on each word, and attempt
to guess your password. Once a guess encrypts to "Vz0uAiTtjVL1g", it
matches your encrypted password and Crack reports a successfully
cracked password.

The following list contains some of the rules Crack tries while
attempting to guess the password. These should illustrate how
thorough and comprehensive the cracking effort can be.

* Prepend a character to each word (alpha -> 1alpha)
* Append a character to each word (alpha -> alpha1)
* Delete first character from word (alpha -> lpha)
* Delete last character from word (alpha -> alph)
* Reverse each word (alpha -> ahpla)
* Duplicate each word (alpha -> alphaalpha)
* Reflect each word (alpha -> alphaahpla)
* Uppercase each word (alpha -> ALPHA)
* Lowercase each word (AlPhA -> alpha)
* Capitalise each word (alpha -> Alpha)
* N-Capital each word (alpha -> aLPHA)
* Pluralise each word (alpha -> alphas)
* Toggle case in each word (AlpHa -> aLPhA)
* Reject the word unless N long
* Reject the word unless longer than N
* Replace all instances of X with Y (a/b alpha -> blphb)
* Use substring (2-4 alpha -> lph)
* Insert characters (# alpha -> al#pha)
* Purge characters (p alpha -> alha)
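
The same rules can be turned around to vet a password before it is
accepted. The following is an added example, not part of the original
page and not Crack's own code: it undoes several of the rules above and
reports which of the page's guidelines a proposed password breaks. The
names WORDS, LEET, SEQUENCES, base_forms and weaknesses, the
substitution table and the tiny wordlist are assumptions constructed
for the illustration.

```python
import re

# Constructed sample wordlist (assumption); a real audit would load a full dictionary.
WORDS = {"alpha", "hello", "project", "keyboard", "party", "computer", "john"}
# Assumed 'elite speak' substitutions; the page does not give a table.
LEET = str.maketrans("0134@$!5", "oleaasis")
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "1234567890")


def base_forms(pw):
    """Undo common mangling rules and return every base form pw could derive from."""
    low = pw.lower()                        # undoes upper/capitalise/toggle case
    forms = {low, low[::-1]}                # undoes reverse
    forms |= {f.translate(LEET) for f in forms}   # undoes number substitution
    for f in set(forms):
        forms |= {f[1:], f[:-1], f[1:-1]}   # undoes prepend/append a character
        half = len(f) // 2
        if len(f) % 2 == 0 and f[half:] in (f[:half], f[:half][::-1]):
            forms.add(f[:half])             # undoes duplicate and reflect
        if f.endswith("s"):
            forms.add(f[:-1])               # undoes pluralise
    forms.discard("")
    return forms


def weaknesses(pw):
    """Return the guideline violations found in a proposed password."""
    found = []
    if len(pw) < 7:
        found.append("shorter than 7 characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    if not all(re.search(c, pw) for c in classes):
        found.append("missing a character class")
    forms = base_forms(pw)
    if forms & WORDS:
        found.append("dictionary word under a mangling rule")
    if any(len(f) >= 4 and f in s for f in forms for s in SEQUENCES):
        found.append("keyboard/alpha/numeric sequence")
    if forms & {re.sub(r"[aeiou]", "", w) for w in WORDS}:
        found.append("word with missing letters")
    return found


if __name__ == "__main__":
    for pw in ("$hEllo!", "pr0j3ct", "qwerty", "cmptr", "t7#Qm!xR"):
        print(f"{pw!r}: {weaknesses(pw) or 'no listed weakness found'}")
```

An empty result only means none of these particular checks fired
against the sample wordlist, not that the password is strong.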

