Anatomy of a Proactive Password Checker



Bibliographic Information


The issue of poor user selection of passwords has been discussed in many papers and need not be repeated here. Among the techniques used to overcome these problems are random generation of passwords, challenge-response techniques, key crunching, and the examination of user-selected passwords either by cracking them or by analyzing them before allowing the password to be changed. In this paper we look at a program specifically designed to do the latter.

This paper will describe a new version of the UNIX password changing program called passwd+. This program provides extensions to both the password changing facility and the password checking facility. The former allows users to be given full responsibility for, and control over, accounts other than their own; the latter allows the system administrators to constrain password selection so that users cannot install passwords deemed easily guessable.


This is the manuscript version. The definitive version was published in Proceedings of the Third UNIX Security Symposium, Sep. 1992.