rchatterjee / pam-typopw Goto Github PK
View Code? Open in Web Editor NEWTypo tolerant password checking for OSX and Linux. [Windows is in the way]
License: MIT License
Typo tolerant password checking for OSX and Linux. [Windows is in the way]
License: MIT License
su rahul
creates a session and closes it immediately, not sure why.
[user@zenbook]$ su rahul
aDAPTIVE pASSWORD:
[user@zenbook]$ [user@zenbook]$
Sep 28 09:08:41 rahul-zenbook su[11274]: Successful su for rahul by rahul
Sep 28 09:08:41 rahul-zenbook su[11274]: + /dev/pts/1 rahul:rahul
Sep 28 09:08:41 rahul-zenbook su[11274]: pam_unix(su:session): session opened for user rahul by rahul(uid=1000)
Sep 28 09:08:43 rahul-zenbook su[11274]: pam_unix(su:session): session closed for user rahul
Does the adaptive typo-tolerance work for a non-US/non-standard layout? If so, is this detected automatically, or is there a configuration parameter to set somewhere? (The target use uses US/dvorak layout).
Assign expiry for each cache entries, so that the typos that are not used in a long time is removed from the cache. This will definitely make room for new typos, and also remove one potential guess from the attacker's plate. Also, during warmup forcefully some typos are inserted in the cache, all of which might not be relevant for the user, and the are unnecessarily increasing attack surface of some users (who rarely mistypes their password).
(Suggested by Tom.)
problem - the install script fails in installing word2keypress
"""
Installed /usr/local/lib/python2.7/dist-packages/adaptive_typo-1.0-py2.7.egg
Processing dependencies for adaptive-typo==1.0
Searching for word2keypress
Reading https://pypi.python.org/simple/word2keypress/
Best match: word2keypress 0.3
Downloading https://pypi.python.org/packages/36/5c/0b33769c91bca3cc59db091ff0c62deb088822900adc509bf29e9dce8cbd/word2keypress-0.3.tar.gz#md5=cb85ab3c2cf94ad6758fdbd26238f7bf
Processing word2keypress-0.3.tar.gz
Writing /tmp/easy_install-tFkpWR/word2keypress-0.3/setup.cfg
Running word2keypress-0.3/setup.py -q bdist_egg --dist-dir /tmp/easy_install-tFkpWR/word2keypress-0.3/egg-dist-tmp-Yg3X31
word2keypress/_keyboard.c:283:31: fatal error: numpy/arrayobject.h: No such file or directory
compilation terminated. """
solved it (for now) by downloading it manually via the website gui
Sep 6 12:25:06 yuval-VirtualBox2 /usr/local/bin//pam_typotolerant.py[7254]: import('pkg_resources').run_script('adaptive-typo==1.0', 'pam_typotolerant.py')
Sep 6 12:25:06 yuval-VirtualBox2 /usr/local/bin//pam_typotolerant.py[7254]: File "/usr/lib/python2.7/dist-packages/pkg_resources/init.py", line 719, in run_script
Sep 6 12:25:06 yuval-VirtualBox2 /usr/local/bin//pam_typotolerant.py[7254]: self.require(requires)[0].run_script(script_name, ns)
Sep 6 12:25:06 yuval-VirtualBox2 /usr/local/bin//pam_typotolerant.py[7254]: File "/usr/lib/python2.7/dist-packages/pkg_resources/init.py", line 1496, in run_script
Sep 6 12:25:06 yuval-VirtualBox2 /usr/local/bin//pam_typotolerant.py[7254]: raise ResolutionError("No script named %r" % script_name)
Sep 6 12:25:06 yuval-VirtualBox2 /usr/local/bin//pam_typotolerant.py[7254]: ResolutionError: No script named 'pam_typotolerant.py'
The current stored data leaks the password length and the entropy estimate. The former is leaked when the user accidentally enters a blank password (since the hamming distance is therefore the entire password length).
Options seem to be:
The entropy estimate, for example, could potentially lead to a knapsack-like problem. Suppose a naive implementation simply assigns an entropy estimate to each character independently, then the letters of the password could be recovered by solving the knapsack of these per-character weights.
Update README.md as per new install script.
typtop
into two modules typtopadmin
(with root-only works) and typtop
(for other funtionalities).Fails miserably in python3. fix it!
This bug is found in Debian and Ubuntu machines. The su
session mysteriously closes immediately after opening. Seems something wrong with pam_typtop or the configuration.
Log from /var/log/auth.log.
Feb 22 05:49:27 rahul-zenbook su[25438]: pam_typtop(su:auth): called typtop with correct pw
Feb 22 05:49:27 rahul-zenbook su[25438]: pam_typtop(su:auth): returning PAM_SUCCESS.
Feb 22 05:49:27 rahul-zenbook su[25438]: Successful su for rahul by rahul
Feb 22 05:49:27 rahul-zenbook su[25438]: + /dev/pts/7 rahul:rahul
Feb 22 05:49:27 rahul-zenbook su[25438]: pam_typtop(su:setcred): called pam_sm_setcred. flag=2
Feb 22 05:49:27 rahul-zenbook su[25438]: pam_unix(su:session): session opened for user rahul by rahul(uid=1000)
Feb 22 05:49:27 rahul-zenbook su[25438]: pam_unix(su:session): session closed for user rahul
Feb 22 05:49:27 rahul-zenbook su[25438]: pam_typtop(su:setcred): called pam_sm_setcred. flag=4
needs to add numpy for word2keypress
This problem accured mid-correction of a different problem, so might not be relevent
sudo apt-get install sqlite3
sh: 0: getcwd() failed: No such file or directory
sh: 0: getcwd() failed: No such file or directory
aDAPTIVE pASSWORD:
...
...
...
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.