emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

libmisc, man: Drop old check and advice for complex character sets in passwords

Browse Source 
Add the relevant XKCD to the passwd(1) manual page.  It already explains
most of the rationale behind this patch.

Add also reference to makepasswd(1), which is a good way to generate
strong passwords.  Personally, I commonly run `makepasswd --chars 64` to
create my passwords, or 32 for passwords I need to type interactively
often.

The strength of a password is an exponential formula, where the base is
the size of the character set, and the exponent is the length of the
password.  That already shows why long passwords of just lowercase
letters are better than short Pa$sw0rdZ3.  But an even more important
point is that humans, when forced to use symbols in a password, are more
likely to do trivial substitutions on simple passwords, which doesn't
increase strength, and can instead give a false sense of strength, which
is dangerous.

Closes: <https://github.com/shadow-maint/shadow/issues/688>
Link: <https://xkcd.com/936/>
Cc: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Alejandro Colomar 2023-03-24 18:23:59 +01:00 committed by Iker Pedrosa
parent 7078ed1e0b
commit 0c4fa6ee0a
2 changed files with 24 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
libmisc/obscure.c
View File

@ -75,57 +75,6 @@ static bool similar (/*@notnull@*/const char *old, /*@notnull@*/const char *new)
return true; return true;
} }
/*
* a nice mix of characters.
*/
static bool simple (unused const char *old, const char *new)
{
bool digits = false;
bool uppers = false;
bool lowers = false;
bool others = false;
int size;
int i;
for (i = 0; '\0' != new[i]; i++) {
if (isdigit (new[i])) {
digits = true;
} else if (isupper (new[i])) {
uppers = true;
} else if (islower (new[i])) {
lowers = true;
} else {
others = true;
}
}
/*
* The scam is this - a password of only one character type
* must be 8 letters long. Two types, 7, and so on.
*/
size = 9;
if (digits) {
size--;
}
if (uppers) {
size--;
}
if (lowers) {
size--;
}
if (others) {
size--;
}
if (size <= i) {
return false;
}
return true;
}
static char *str_lower (/*@returned@*/char *string) static char *str_lower (/*@returned@*/char *string)
{ {
char *cp; char *cp;
@ -170,8 +119,6 @@ static /*@observer@*//*@null@*/const char *password_check (
msg = _("case changes only"); msg = _("case changes only");
} else if (similar (oldmono, newmono)) { } else if (similar (oldmono, newmono)) {
msg = _("too similar"); msg = _("too similar");
} else if (simple (old, new)) {
msg = _("too simple");
} else if (strstr (wrapped, newmono) != NULL) { } else if (strstr (wrapped, newmono) != NULL) {
msg = _("rotated"); msg = _("rotated");
} else { } else {

45
man/passwd.1.xml
View File

@ -94,27 +94,10 @@
</para> </para>
<para> <para>
Then, the password is tested for complexity. As a general guideline, Then, the password is tested for complexity.
passwords should consist of 6 to 8 characters including one or more <command>passwd</command> will reject any password which is not
characters from each of the following sets: suitably complex. Care must be taken not to include the system
</para> default erase or kill characters.
<itemizedlist mark='bullet'>
<listitem>
<para>lower case alphabetics</para>
</listitem>
<listitem>
<para>digits 0 thru 9</para>
</listitem>
<listitem>
<para>punctuation marks</para>
</listitem>
</itemizedlist>
<para>
Care must be taken not to include the system default erase or kill
characters. <command>passwd</command> will reject any password which
is not suitably complex.
</para> </para>
</refsect2> </refsect2>
@ -139,6 +122,17 @@
used as guesses to violate system security. used as guesses to violate system security.
</para> </para>
<para>
As a general guideline, passwords should be long and random. It's
fine to use simple character sets, such as passwords consisting
only of lowercase letters, if that helps memorizing longer
passwords. For a password consisting only of lowercase English
letters randomly chosen, and a length of 32, there are 26^32
(approximately 2^150) different possible combinations. Being an
exponential equation, it's apparent that the exponent (the length)
is more important than the base (the size of the character set).
</para>
<para> <para>
You can find advice on how to choose a strong password on You can find advice on how to choose a strong password on
http://en.wikipedia.org/wiki/Password_strength http://en.wikipedia.org/wiki/Password_strength
@ -473,6 +467,9 @@
<citerefentry> <citerefentry>
<refentrytitle>chpasswd</refentrytitle><manvolnum>8</manvolnum> <refentrytitle>chpasswd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>, </citerefentry>,
<citerefentry>
<refentrytitle>makepasswd</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry> <citerefentry>
<refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum> <refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>, </citerefentry>,
@ -488,5 +485,11 @@
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum> <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>. </citerefentry>.
</para> </para>
<para>
The following web page comically (yet correctly) compares the
strength of two different methods for choosing a password:
"https://xkcd.com/936/"
</para>
</refsect1> </refsect1>
</refentry> </refentry>