Randy McMurchy wrote:
Hi all,
Something I've thought about for a long time, and now that CrackLib
is a maintained and stable package, I would like to propose that the
community consider adding this package to Chapter 6 in the LFS build.
-1.
Technical reason:
It doesn't stop international users from creating bad passwords without
some certainly-beyond-BLFS additional setup. Details are below.
Russians can type any Russian word according to Russian marks on the
keyboard but with the US layout active. This results in something like
"gfhjkm" which passes standard dictionary tests, even with the Russian
wordlist (containing "пароль" instead of that). And that's the Russian
translation of "password" :)
So the reality is: there is no downloadable dictionary that would stop
such attacks. I have spent some time converting the available Russian
wordlist to that format, and it succeeded every time I wanted to
bruteforce a password on Russian servers.
--
Alexander E. Patrakov
--
http://linuxfromscratch.org/mailman/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
