[pptp-server] Choice of passwords

Gareth Marlow Gareth_Marlow at scientia.com
Thu Jan 6 11:43:20 CST 2000


Season's Greetings.

I have a question about choosing passwords. I have successfully set up
PoPToP and am able to happily get connections going from a dial-up account
to the server, so I'm at the next stage of bringing this in as a
production system. My /etc/ppp/chap-secrets file currently contains lines
like:

workgroup\\jim * Jones ipa.ddr.ess1
workgroup\\john * Smith ipa.ddr.ess2

to give different users different IP addresses (we want to give different
people different levels of access). The passwords in this case are
therefore Jones and Smith respectively.

I understand that the MPPE keys are derived from the password and that
therefore the passwords should be very high entropy, especially if 128 bit
encryption is being used. 

So my question is, how are you generating strong passwords to use here?
How long do they have to be? We currently take an MD5 hash of a large log
file and take 16 character chunks to use as our APOP shared secrets with
Eudora/Qpopper - is there something equivalent that can be done here?
Also, one of the PPP options mentions that the passwords in
/etc/ppp/chap-secrets can themselves be encrypted to prevent someone who
gains root from getting them. How does this work?

Sorry for the long question...

Cheers,
Gareth

-- 
Gareth Marlow, Systems Administrator                     Scientia Ltd.
______________________________________________________________________

                                They've got lumps of it round the back
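
One way to generate the kind of secret the message asks about, shown as an added example that is not part of the original post: it draws each character from the operating system's CSPRNG, sizes the secret for a target entropy, and prints entries in the chap-secrets layout quoted in the message. The function names, the alphanumeric alphabet and the 128-bit default are assumptions of this example.

```python
import math
import secrets
import string

# Assumption: alphanumeric only, so the secret needs no quoting or
# escaping inside /etc/ppp/chap-secrets.
ALPHABET = string.ascii_letters + string.digits


def chars_for_bits(bits, alphabet=ALPHABET):
    """Smallest length whose uniformly random strings carry >= bits of entropy."""
    return math.ceil(bits / math.log2(len(alphabet)))


def gen_secret(bits=128, alphabet=ALPHABET):
    """Pick each character independently from the OS CSPRNG."""
    length = chars_for_bits(bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def chap_line(domain, user, secret, ip, server="*"):
    """Format one entry as in the message: client server secret address."""
    for field in (domain, user, secret, ip, server):
        # Whitespace splits fields; quotes and backslashes need escaping.
        if not field or any(c.isspace() or c in "\"'\\#" for c in field):
            raise ValueError(f"field needs quoting or escaping: {field!r}")
    # The message writes the domain separator as a doubled backslash.
    return f"{domain}\\\\{user} {server} {secret} {ip}"


if __name__ == "__main__":
    # User names and address placeholders are the ones from the message.
    for user, ip in (("jim", "ipa.ddr.ess1"), ("john", "ipa.ddr.ess2")):
        print(chap_line("workgroup", user, gen_secret(), ip))
```

With a 62-character alphabet each character carries about 5.95 bits, so the 128-bit default yields 22-character secrets.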



