pam_pwnd
Armada
pam_pwnd | Armada | |
---|---|---|
1 | 2 | |
34 | 138 | |
- | 0.7% | |
0.0 | 4.3 | |
over 4 years ago | 4 months ago | |
C | C# | |
BSD 2-clause "Simplified" License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pam_pwnd
-
Linux Hardening Guide
> If the user has a super secure password shared with a different, compromised service, libcrack will not detect that.
There's a module[0] for that (TM).
> Expiry results in passwords like: (prefix)Dec2020, (prefix)5
libcrack can enforce similarity and rotation checks too [1].
> or cycling the last 2/3 entries.
There's also another module[2] just for that.
[0]: https://github.com/skx/pam_pwnd
Armada
-
Any way to guarantee the absence of undefined behaviour short of SPARK?
Similarly there exist systems for giving formal assurances about concurrent C code, but that's not something the language itself offers.
-
Linux Hardening Guide
Even there it depends. 'Programming practices' is vague. Even C can be tamed, at great expense, using formal methods techniques. [0][1][2][3] Adoption of such methods can give a solid assurance of the lack of UB, like use of a safe language. Weaker measures, like adopting MISRA C, don't provide such strong assurances (although they can eliminate certain categories of errors), and as you indicate, their real value is a bit more subjective. Mandating a bad programming style could actively make things worse.
[0] https://trust-in-soft.com/
[1] https://www.eschertech.com/products/perfect_developer.php
[2] https://github.com/microsoft/Armada
[3] https://www.microsoft.com/en-us/research/project/vcc-a-verif...
What are some alternatives?
madaidans-insecurities.github.io
ansible-collection-hardening - This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
magic-wormhole - get things from one computer to another, safely [Moved to: https://github.com/magic-wormhole/magic-wormhole]
systemd - The systemd System and Service Manager
rustls - A modern TLS library in Rust