Re: minimum number of days between password change

2010-11-04 Thread Robert Brockway
On Wed, 3 Nov 2010, Mark Allums wrote:
> Not a pattern in the hashes. A pattern in the history.

Hi Mark. That's what I meant. The history is made up of hashes and possibly additional information.

Cheers, Rob
--
Email: rob...@timetraveller.org Linux counter ID #16440 IRC: Solver (

Re: minimum number of days between password change

2010-11-04 Thread Lukas Baxa
Wolodja Wentland wrote:
> On Thu, Nov 04, 2010 at 10:55 +, Camaleón wrote:
>> On Wed, 03 Nov 2010 20:40:15 +0100, Lukas Baxa wrote:
>>> Camaleón wrote:
>
>>> I would like to file a new bug report, but I'm not sure against which
>>> package. I'm considering either passwd or libpam-modules.
>

Re: minimum number of days between password change

2010-11-04 Thread Wolodja Wentland
On Thu, Nov 04, 2010 at 10:55 +, Camaleón wrote:
> On Wed, 03 Nov 2010 20:40:15 +0100, Lukas Baxa wrote:
> > Camaleón wrote:
> > I would like to file a new bug report, but I'm not sure against which
> > package. I'm considering either passwd or libpam-modules.
> "passwd" (as Wolodja suggeste

Re: minimum number of days between password change

2010-11-04 Thread Camaleón
On Wed, 03 Nov 2010 20:40:15 +0100, Lukas Baxa wrote:
> Camaleón wrote:
>> On Mon, 01 Nov 2010 21:35:20 +, Wolodja Wentland wrote:
>> (...)
>>
>>> … which is clearly not working in the way it is described. I have not
>>> reproduced this bug myself, but it is exactly that and should
>>> there

Re: minimum number of days between password change

2010-11-03 Thread Ron Johnson
On 11/03/2010 10:41 AM, Robert Brockway wrote: [snip] Personally I don't think much of keeping a record of old password hashes but for a different reason: they are easily circumvented by the user changing their password several times until they can reuse the old one again. Then, instead of ret

Re: minimum number of days between password change

2010-11-03 Thread John Hasler
Mark Allums writes:
> Not a pattern in the hashes. A pattern in the history.

What history? There is no need to save anything but the last N hashes.
--
John Hasler

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@li

Re: minimum number of days between password change

2010-11-03 Thread Mark Allums
On 11/3/2010 10:41 AM, Robert Brockway wrote: On Wed, 3 Nov 2010, Mark Allums wrote: You can't reverse the hash, but a pattern in the history file might tell someone something you don't want them to know. Granted, you could keep the If the hash algorithm is worth its salt (pun intended) then

Re: minimum number of days between password change

2010-11-03 Thread Lukas Baxa
Camaleón wrote: > On Mon, 01 Nov 2010 21:35:20 +, Wolodja Wentland wrote: > >> On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote: > However, I'm able to change my password when logged in as guest as many times I want the same day >>> If someone learns my password on day 2, they

Re: minimum number of days between password change

2010-11-03 Thread Robert Brockway
On Wed, 3 Nov 2010, Mark Allums wrote: I know it is the hashes. Everything leaves tracks. It's not the passwords that might be compromised, it's the privacy. I expect this is an example of extreme paranoia, but still... An unrelated example: Incognito mode (AKA, porn mode) of Google Chrom

Re: minimum number of days between password change

2010-11-02 Thread Mark Allums
On 11/2/2010 11:57 PM, Ron Johnson wrote: On 11/02/2010 09:58 PM, Mark Allums wrote: On 11/2/2010 9:40 PM, Jesús M. Navarro wrote: Hi, lee: On Tuesday 02 November 2010 21:26:54 lee wrote: On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote: [snip] The way to do it is to have a reco

Re: minimum number of days between password change

2010-11-02 Thread Ron Johnson
On 11/02/2010 09:58 PM, Mark Allums wrote: On 11/2/2010 9:40 PM, Jesús M. Navarro wrote: Hi, lee: On Tuesday 02 November 2010 21:26:54 lee wrote: On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote: [snip] The way to do it is to have a record in your password db of the hashes of eac

Re: minimum number of days between password change

2010-11-02 Thread Mark Allums
On 11/2/2010 9:40 PM, Jesús M. Navarro wrote: Hi, lee: On Tuesday 02 November 2010 21:26:54 lee wrote: On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote: On 11/01/2010 04:45 PM, Jesús M. Navarro wrote: Hi, Ron: On Monday 01 November 2010 18:49:01 Ron Johnson wrote: [...] If someo

Re: minimum number of days between password change

2010-11-02 Thread Jesús M. Navarro
Hi, lee:

On Tuesday 02 November 2010 21:26:54 lee wrote:
> On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
> > On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
> > >Hi, Ron:
> > >
> > >On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
> > >[...]
> > >
> > >>If someone learns my pa

Re: minimum number of days between password change

2010-11-02 Thread Camaleón
On Mon, 01 Nov 2010 21:35:20 +, Wolodja Wentland wrote:
> On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote:
>>> However, I'm able to change my password when logged in as guest as
>>> many times I want the same day
>
>> If someone learns my password on day 2, they have full access to my

Re: minimum number of days between password change

2010-11-02 Thread Ron Johnson
On 11/02/2010 03:26 PM, lee wrote: On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote: On 11/01/2010 04:45 PM, Jesús M. Navarro wrote: Hi, Ron: On Monday 01 November 2010 18:49:01 Ron Johnson wrote: [...] If someone learns my password on day 2, they have full access to my account for

Re: minimum number of days between password change

2010-11-02 Thread lee
On Mon, Nov 01, 2010 at 06:29:03PM -0500, Ron Johnson wrote:
> On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
> >Hi, Ron:
> >
> >On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
> >[...]
> >>If someone learns my password on day 2, they have full access to my
> >>account for 74 days, or I mus

Re: minimum number of days between password change

2010-11-01 Thread Jesús M. Navarro
Hi, Ron:

On Tuesday 02 November 2010 00:29:03 Ron Johnson wrote:
> On 11/01/2010 04:45 PM, Jesús M. Navarro wrote:
> > Hi, Ron:
> >
> > On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
> > [...]
> >
> >> If someone learns my password on day 2, they have full access to my
> >> account for 74

Re: minimum number of days between password change

2010-11-01 Thread Ron Johnson
On 11/01/2010 04:45 PM, Jesús M. Navarro wrote: Hi, Ron: On Monday 01 November 2010 18:49:01 Ron Johnson wrote: [...] If someone learns my password on day 2, they have full access to my account for 74 days, or I must beg for SysAdmin help? "Minimum number of days" isn't a very bright idea. I

Re: minimum number of days between password change

2010-11-01 Thread Wolodja Wentland
On Mon, Nov 01, 2010 at 12:49 -0500, Ron Johnson wrote:
> On 11/01/2010 11:28 AM, Lukas Baxa wrote:
[…]
>> Minimum number of days between password change : 76
>> Maximum number of days between password change : 90
>> Number of days of warning before passwo

Re: minimum number of days between password change

2010-11-01 Thread Jesús M. Navarro
Hi, Ron:

On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
[...]
> If someone learns my password on day 2, they have full access to my
> account for 74 days, or I must beg for SysAdmin help?
>
> "Minimum number of days" isn't a very bright idea.

It is, for a low minimum number. The rational

Re: minimum number of days between password change

2010-11-01 Thread Bonno Bloksma

Re: minimum number of days between password change

2010-11-01 Thread Ron Johnson
, 2011
Password inactive : never
Account expires : never
Minimum number of days between password change : 76
Maximum number of days between password change : 90
Number of days of warning before password

minimum number of days between password change

2010-11-01 Thread Lukas Baxa
ive : never
Account expires : never
Minimum number of days between password change : 76
Maximum number of days between password change : 90
Number of days of warning before password expires : 14

However, I'm