Re: Found, a new rootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 05/04/06, Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx> wrote:
Tim wrote:
> On Tue, 2006-04-04 at 00:46 -0500, Mike McCarty wrote:
>
>>Should include at least one "special" character.
>
>
> When telling someone that, you really need to define what you mean by
> "special".  I know the next bit goes somewhat towards that, but it's
> still a bit too vague.  You can also get people trying to use characters
> that can't be used with some password systems.  It would really help if
> password systems would accept any character that you can type on the
> keyboard.

IMO, these rules need to be enforced by the password system itself.
So, exactly what constitutes a "special" character should be built
into it, and if an invalid character is detected, then a useful
error message should be generated.

Anyway, I wasn't trying to write out a fully comprehensive set of rules.
I was simply stating what I consider to be the minimum security.
Guidelines, not rules.

Another good guide is:

Enforce changing of passwords on at least a monthly basis.
Do not permit re-use of old passwords.

>>Should not include non-graphic characters (like CR, LF, CTRL-A).
>>Should be at least 6 and preferably over 8 characters long.
>>Should be "rememberable".
>>Should *not* be written down anywhere.
>
>
> The last two being a key problem.  By now, I've amassed about a dozen
> passwords that I just cannot remember.  Even if I wanted to make
> memorable passwords, too many systems are so limited that you can't
> easily do it (e.g. passwords are too short, etc.).  Then there's the
> problem of remembering which password belongs to what account.  Writing
> them down, or writing down the reminder trick, becomes the only way to
> do so.

See my other message about writing down.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Sorry to be off-topic, but could someone tell a total noob what is that all about?

--
A. Helmy
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux