Proteus wrote:
> So for my purposes, the main (good) use of a password cracking program is to
> test whether my users' (and mine, i.e. root) passwords are strong, right?
> (that is my intended purpose). And how long do I let the password cracking
> program run before I assume my passwords are strong-- I mean one could in
> theory let the cracking program run for days or weeks. When is enough
> enough, when is a password considered strong enough (and how do I know if a
> password I create is strong enough to thwart crackers?)?

You should install cracklib and enable it in your PAM configuration.
This library will test the password when the user changes it;
if it's a (possibly) insecure password, it will warn the user.
You can also configure it to only allow 'secure' passwords.
This will enable you to have some control over the passwords of the
users, without the need to ask them what they entered as their password.
I think this is what you need.

When is a password strong enough? That depends on the purpose it is used for...
--
-------------------------------------
Christophe 'ElCascador' Vandeplas
GSM: +32 (0)486/64.10.33
email: christophe(at)vandeplas(dot)com
http://www.vandeplas.com
GnuPG:1024D/14913897: 66BD A9EB 0357 D80F 20D4 D698 3B2B E562 1491 3897
-------------------------------------
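
A PAM password stack with cracklib enabled, as suggested in the reply above. This is an added example, not part of the original message; the file path and every numeric value are assumptions to adapt to your distribution and policy.

```conf
# /etc/pam.d/common-password  (Debian-style path, assumed; Red Hat-style
# systems keep the password stack in /etc/pam.d/system-auth)
# All values below are constructed for illustration.

# 1. pam_cracklib checks the NEW password at change time, against its
#    dictionary and the rules given here.
#    requisite        : a failed check ends the password change immediately
#    retry=3          : the user gets three attempts to pick an acceptable one
#    minlen=12        : minimum length (no length credits are granted, because
#                       all *credit values below are negative)
#    difok=4          : at least 4 characters must differ from the old password
#    dcredit=-1       : require at least one digit
#    ucredit=-1       : require at least one upper-case letter
#    lcredit=-1       : require at least one lower-case letter
#    ocredit=-1       : require at least one other (symbol) character
#    reject_username  : refuse passwords containing the user name
#    enforce_for_root : apply the same rules when root changes a password;
#                       without it, root only sees the warning
password  requisite  pam_cracklib.so retry=3 minlen=12 difok=4 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 reject_username enforce_for_root

# 2. pam_unix stores the password that cracklib accepted.
#    use_authtok : do not prompt again; take the password from the module above,
#                  so nothing can be set that skipped the cracklib check
#    sha512      : hash the stored password with SHA-512 crypt
#    shadow      : keep the hash in /etc/shadow
password  required   pam_unix.so use_authtok sha512 shadow
```

The check only runs when a password is changed, so existing passwords stay as they are until their owners next change them.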