[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: big word listing
The crack library points to some dictionaries which have not only real and
"imagined" (literary) words, but also words from other languages as well.
All in all a good resource. -see adams message for pointers
However, the reason I write is if you decide to add users previously used
passwords to the dictionary, make sure your "appendages" to the dictionary
are secured. Users are notorious for forgetting to change or reusing on
other machines the passwords from various servers. The advantage is that
your users will never be able to reuse their old passwords. The disadvantage
is that your admins can attempt to hack other machines using these passwords.
A "cryptographic" solution would be to simply store a hash of the password
rather than the password itself in the "appended" dictionary. A CRYPTOGRAPHIC
solution would be to use one time passwords :).
Chris Gorsuch
[email protected]
*I am not responsible for the content of the above message :)