
- Name of your company, department, workgroup, etc.
- Password written in the calendar on your desk or on the side of your computer.
- A password which you also use in an insecure public place, for example an Internet store or a mailing list. In general, you should use
different passwords for places controlled by different organizations.
- Any word which is in the English dictionary. The English dictionary does not contain as many words as it might seem. A
not-so-skillful hacker can easily set a program to encrypt all dictionary words (100,000? that's under 1 MB!) and then compare all the
encrypted strings to your encrypted password. As a matter of fact, tools for the "dictionary attack" are readily available on the Internet.
Try the program crack yourself to find out how easy it is. Swear words or "cool" (colloquial) expressions make the password
particularly vulnerable to cracking.
- Any other word, last name, first name, pet or swear word, no matter in what language. For a cracker, covering most languages is only
a small overhead if he has already covered one. How many significant languages are out there? 40? The cracker just grabs a few more
files and appends them to his cracking list. The point here is that the subset of words that humans normally use is far, far below the
theoretical limit of the random combination of characters.
- Any of the above with an addition of a number/letter at the beginning or the end. "yuoping1" is really a very weak password.
A good password is relatively long (minimum 6 characters, some experts even recommend minimum 10 characters), contains a
mixture of letters (upper and lower case, if possible), numbers and special characters, and is changed quite regularly (8-16 weeks?).
Unfortunately, the better the password, the harder it is to remember. I solved this problem for myself by taking 10 minutes to invent
my personal password "scheme". Say, I always start and end with the monkey (@) sign, and use two words connected with an
exclamation mark, the last letter of each word is capitalized, e.g., "@whitE!housE@". Seems like an adequate password, and it is easy
to remember once I know what my password rule is. If you are a memory genius, you may consider truly excellent passwords
generated with mkpasswd :))
The system administrator can set the password policy (minimum length, requirement of special characters, password expiry) through
the utility included in this configuration program (run as root):
linuxconf
under the menu "user account"-"policies"-"password & account policies". Normal users won't be able to set a password which is too
short, is a dictionary word, or does not contain the prescribed number of non-alphanumeric characters (but root can change any
password to anything s/he likes, s/he will only be given a warning).
Part 3: Basic Operations FAQ 37
Linux Newbie Guide by Stan, Peter and Marie Klimas 01/08/2003
Also make sure that any file that contains any password of yours (e.g., /root/.kde/share/config/kppprc) has proper,
secure permissions so that it cannot be read by anybody. For example, most likely you want:
chmod 600 kppprc
If you use an "over the phone" Internet connection for just a couple of hours a week, you may be fine even with a relatively weak
password on your system. But please really reconsider your system security if you use a cable modem, or are otherwise connected to
the Internet for a significant amount of time.
Most computer semi-literates use amazingly weak passwords. "Around 50 percent of computer users base passwords on the name of a
family member, partner or a pet. Thirty percent look to a pop idol or sporting hero," reports CNN
(http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/index.htmll). Please note the underlined base. Appending a digit
to an obvious word hardly makes the password more secure.
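The weak-password categories listed above can be checked mechanically before a password is accepted. The following Python code is an added example, not part of the original guide; the word list, the names "Acme" and "Rex", and the function names are constructed for illustration.

```python
import re

# Constructed sample list. A real check would load a full dictionary
# (e.g. /usr/share/dict/words) plus name lists in several languages.
SAMPLE_WORDS = {"monkey", "password", "linux", "dragon", "sunshine"}
MIN_LENGTH = 6  # minimum length stated in the guide


def base_candidates(password):
    """Forms that a word-list check covers: the password itself, and the
    password with digits or one character removed from either end."""
    p = password.lower()
    forms = {p, p.strip("0123456789"), p[1:], p[:-1]}
    return {f for f in forms if f}


def weaknesses(password, words=SAMPLE_WORDS, personal=()):
    """Return the reasons a password falls into the guide's weak categories.

    `personal` holds names the user should avoid (company, family, pets).
    An empty list only means that none of these particular checks fired.
    """
    known = {w.lower() for w in words} | {w.lower() for w in personal}
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    hits = sorted(base_candidates(password) & known)
    if hits:
        reasons.append("based on a known word: " + ", ".join(hits))
    if not re.search(r"[A-Za-z]", password):
        reasons.append("no letters")
    if not re.search(r"[0-9]", password):
        reasons.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        reasons.append("no special characters")
    return reasons


if __name__ == "__main__":
    # Constructed passwords; "Acme" and "Rex" stand in for a company and a pet.
    for pw in ["monkey", "monkey1", "2Rex", "k7#Qv!2mZx"]:
        print(pw, "->", weaknesses(pw, personal=("Acme", "Rex")) or "no rule matched")
```
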
3.2.3 I forgot the root password
Even if I never forget any passwords, I would still study this issue in detail because it can give me a hint on how my mother might be
reading my ICQ chats history :-)
First method. The easiest way to solve your "forgotten root password" problem is to boot your Linux in the single-user mode, namely
at the "lilo" prompt (during bootup) type:
linux single
This will make you "root" without asking for a password. Now, being root, you may change the root password using this command
(no knowledge of the old password required):
passwd
If it strikes you as insecure, that's because no computer system is secure if other people have physical access to your hardware.
Nevertheless, I did not like the "linux single" hole on my home computer and plugged it by adding the following lines to my
/etc/lilo.conf file (at the end of the "image=" section):
password="my_password"
restricted