FileIntegrityAIDE
Differences between revisions 10 and 12 (spanning 2 versions)
Revision 10: Size: 7645, Comment: edits, and local resource table---jbs
Revision 12: Size: 61, Comment:
Line 1: | Line 1: |
||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;">'''Contents'''[[BR]][[TableOfContents(3)]]|| == Introduction == Many security mechanisms present in Ubuntu and elsewhere require a password. Passwords are the most commonly used security tactic in computing, and are frequently used to protect sensitive information, such as your e-mail account, or your Ubuntu user account. Choosing a strong password for any application, or service which may require one is extremely important. If the password you choose is based on common information such as a dictionary word, an attacker may use a so-called "brute-force" method of determining your password, and subsequently compromise the account, or data protected with that password. This guide demonstrates the generation of strong passwords with applications available to Ubuntu. This guide ''does not'' recommend a formal password policy, including rotation/change scheduling, re-use prevention strategies, and the like. Such principles are beyond the scope of this guide, and the reader is requested to see the resources presented at the end of this guide for further information on passwords, and formal password policies. == Target Audience == This guide is for anyone with sufficient experience with the GNU/Linux command-line, including installing packages using {{{apt-get}}}, and executing command-line tools who also has an interest in passwords, and generating strong passwords with a command-line utility. == Strong Passwords == Applications, and libraries exist for your Ubuntu system to assist in generating, or enforcing strong passwords. 
A strong password is defined as any password which meets the following criteria: * At least ''eight'' (8) characters in length * Does not contain your user name, real name, or organization name * Does not contain a complete dictionary word * Is significantly different from your previous password * Should contain ''three'' (3) of the following character types * Lowercase Alphabetical (a, b, c, etc.) * Uppercase Alphabetical (A, B, C, etc.) * Numerics (0, 1, 2, etc.) * Special Characters (@, %, !, etc.) == Generating Strong Passwords in Ubuntu == Now that we've establish what constitutes a strong password. How do we have our computers help generate strong passwords automatically? This section will cover the ''Automatic Password Generator'' application (APG) which is available in Ubuntu via System Administration (universe). APG does precisely what its name implies: ''automatically generates passwords''. Not only does APG generate passwords, it will generate ''strong passwords'' for you as well. If you wish to study APG further, you may find all information at the APG website. (''see '''Resources''' section of this guide'') attachment:IconsPage/IconTip.png ''It should be noted here that Ubuntu's password functions for user accounts do provide some means of enforcing strong passwords for user accounts, but there are cases, and applications where the strength of the password cannot be enforced in this manner, and so this guide exists to help the user generate acceptable strong passwords''. === Installing APG === To install APG, ensure you have enabled the Universe Packages, (''see UniversePackages'') and a have live connection to the Internet, then issue the following command at a command prompt: {{{ sudo apt-get install apg}}} You will be prompted for a password. The password being requested is ''your user password'', or the same password you use when issuing commands with the {{{sudo}}} command. After authentication, the APG package will be downloaded, and installed. 
You are now ready to begin using, and further configuring APG to your liking. === Using APG === The default behavior of APG installed on Ubuntu via apt-get when executed, is to prompt for random data from standard input (typically the keyboard) and upon pressing enter, display ''six'' (6) strong "pronounceable" passwords. They are referred to as "pronounceable" because the passwords may actually be pronounced like regular words. In fact, APG includes the pronunciation in parentheses () to the right of each password. Additionally, they are ''strong passwords'' because they include a mix of lowercase, uppercase, and numeric characters. An example of executing {{{apg}}} and the the default output of APG is presented here: {{{apg}}} APG prompts for the input of random keyboard keys, and then, after pressing '''ENTER''', produces output similar to this: {{{ queafWodEis5 (queaf-Wod-Eis-FIVE) WoudElIc6 (Woud-El-Ic-SIX) GorIacNewt8 (Gor-Iac-Newt-EIGHT) ShratUplEov7 (Shrat-Upl-E-ov-SEVEN) hexLyafByff1 (hex-Lyaf-Byff-ONE) Irkyorn9 (Irk-yorn-NINE) }}} If you would like to enforce different behavior from APG, there are many options you may pass to the '''apg''' command for the purpose of changing the default output, and behavior of APG. For example, to generate ''random character passwords'' instead of the ''pronounceable'' passwords, you may invoke APG with the '''-a 1''' option, where '''-a''' is the ''algorithm'' APG uses, and '''1''' selects random mode. The following command would produce ''six'' (6) random character passwords with no prompting to input random data: {{{ apg -a 1}}} Upon executing the above command, APG outputs a list of ''six'' (6) random character passwords similar to these: {{{ S:w[AOe< !_IlD#_G/~ )lL`avASe6 SgzlI:lU?h ~Wc(0b"{ '4fU25w%} }}} If you wish to always enforce prompting for random data from standard input (keyboard), to ensure the most secure passwords possible, you should explicitly tell APG to do so with the {{{-s}}} option. 
Another example would be the generation of four (4) WiFi Protected Access (WPA) Pre Shared Keys (WPA PSKs) having the maximum supported WPA PSK length of 63 random characters for use with modern WiFi equipment, such as a Wireless Access Point (WAP). To generate such a sequence, and use random data prompting, issue the following command at a command prompt: {{{apg -s -a 1 -m 63 -n 4}}} After supplying the random keyboard data, and pressing '''ENTER''' a list of strong WPA PSKs will be presented, similar to these: {{{ +DIaz*<DmO6VAFR/cQ>B^'[mtB;J1ABi*n"B<=|_My"5bZv#*iRJH!0oCcf!,@Z os#?3;sC2}/A>lG^e*9%9}pd^&A\'eLkdC,lk#jB,bcg70I|q@U:^VZP"}>3z?G rj??<_Ej%-:2LW;4q_?53$ab$U_~1I(({`^LN1Hd&&gKj+Dw;EqR<\qH_VQ{`s! "x3up};b~/jU6Vo,t">Dr~f_U`NSNr30JmOD@c'Y:p2wvc"0s?$MtT<S5Qr\AZi }}} Many other options are available. You should consult the APG manual page, and the APG website for further information. (''see '''Resources''' section of this guide'') == Resources == Additional password information, command information, and formal password policy guidelines are available via the following resources: === Local System Resources === ||<style="background:#F1F1ED;">{{{man apg}}}|| System manual page for the {{{apg}}} command|| ||<style="background:#F1F1ED;">{{{man passwd}}}|| System manual page for the {{{passwd}}} command|| === WWW Resources === [http://www.adel.nursat.kz/apg/ APG website] [http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci916934,00.html?track=sap805 Bad Password Policies] [http://www.sans.org/resources/policies/Password_Policy.pdf SANS Password Policy Guideline (PDF Document)] [http://www.sans.org/rr/whitepapers/authentication/1636.php Simple Formula For Strong Passwords (PDF Document)] [http://www.smat.us/sanity/pwdilemma.html#anchor12895273 Strong Password Policies] ---- CategoryDocumentation |
#REFRESH 0 http://help.ubuntu.com/community/FileIntegrityAIDE |
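Review bot: The Comment field for the newer revision is empty even though its only line, `#REFRESH 0 http://help.ubuntu.com/community/FileIntegrityAIDE`, drops the whole strong-password guide (the APG install and usage sections and the Resources list) from this page; state in the revision comment that the page was migrated and where the content now lives. The removed text covers generating passwords with APG, not AIDE or file integrity, so before accepting the change confirm that the redirect target actually carries this material, otherwise readers who follow the redirect lose it. The target is also written as plain `http://`; if the help site serves HTTPS, point the redirect there so the hop cannot be rewritten in transit.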
FileIntegrityAIDE (last edited 2008-08-06 16:40:00 by localhost)