Red Hat Linux 7.1: The Official Red Hat Linux Reference Guide | ||
---|---|---|
Prev | Chapter 7. Red Hat Security Primer | Next |
Passwords are the keys to your system. It goes without saying that they should be as secure as possible to prevent an unauthorized login, which is the first step to much bigger security problems. Using passwords that are strong enough to blunt an attack is a crucial yet simple step that can save you a lot of trouble in the future.
Many passwords used by users are quite easy to guess. Red Hat Linux provides a number of different ways to provide authentication to the system, including encrypted passwords using crypt, shadow passwords (covered in greater detail in the section called Shadow Utilities in Chapter 12), Kerberos 5, and beyond. In every situation where you select a password as part of an authentication scheme, the security of that scheme is at least partially at the mercy of the complexity of the password chosen.
Why should you always try to create secure passwords that are difficult to guess? In short, the price of powerful computer hardware continues to decrease while the number of quality and freely-available tools and methods for cracking passwords continues to increase. Due to the way that passwords are stored in many of the simpler authentication schemes, if an attacker ever gains access to the file containing the passwords of your system's users, they can usually guess one of them in a relatively short amount of time by testing the encrypted passwords against a list of dictionary words. While the authentication schemes are aware of these kinds of attacks and try various methods to help make them less likely, none of these methods is foolproof. Therefore, you should pay great attention to the kind of password you select and how often you change it, especially with the root account.
A good password has the following qualities:
Has at least eight characters — The shorter the password, the generally easier it is to crack.
Is made up of characters, numbers, and symbols — Numbers and symbols hidden within letters (or vice versa) lengthens the possible number of options for a given character, which strengthens the overall password.
Is unique — Select passwords that are different than other passwords you may be using. If all of your passwords are the same or very similar, the magnitude of a security breach can be much greater.
You should avoid using passwords that
Are dictionary words — By using dictionary words as passwords, you are making it exponentially easier for your system to be cracked. Don't do it, and don't override authentication schemes that prevent the use of dictionary words to allow your users to do it.
Are tied to your personal information — If you use passwords that are your birthday, spouse's name, or the make of your car, you are asking for trouble. Think about every password you use and determine whether or not someone who knows you could guess it. If there is even a slight chance they could, don't use that password.
Cannot be typed quickly — If your password is so complicated that you must hunt-and-peck for the characters each time you type it, prying eyes could easily watch your fingers and guess your password. At the very least, practice typing your password while alone to increase the speed in which you can type it.