[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

enforce minimum password strength / pam-cracklib

I will give feedback :wink:
Until now, I am testing with “test” password with ‘sudo passwd root’
Whonix Gateway permit test password. no good :frowning:
But on user no

hellresistor via Whonix Forum:

I will give feedback :wink:
Until now, I am testing with “test” password with ‘sudo passwd root’
Whonix Gateway permit test password. no good :frowning:
Whonix Workstation not permit test password. are good. :wink:

Are you suggesting pam-cracklib?

See also:

1 Like

Yes, It’s that! :blush:

Update about “Hell VMs” are good a little slow, because of USB2.0 controller as defined on VMWare machine( Debian Host) . I am using a USB Boot key … well … I need run PLPBT.iso (boot loader image to get USB on VM). with USB 3 controller enabled box, the PLPBT.iso won’t detect USB :wink: (VM into VM into VM into … :crazy_face: :crazy_face: )

I’ve better documented existing defenses just now. Please have a look here:

Which are attack scenarios / threat models remain in which cracking a linux user account password could still be attempted? Which compromised linux user account could try to bruteforce the password of which other linux user account?

Once we have an answer to that, we can add more defenses and/or consider pam-cracklib.

2 Likes

Was previously discussed here protect Linux user accounts against brute force attacks

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]