SCO password generator
Martin Weitzel
martin at mwtech.UUCP
Tue May 21 22:55:05 AEST 1991
In article <1991May14.040042.15199 at jpradley.jpr.com> jpr at jpradley.jpr.com (Jean-Pierre Radley) writes:
>In article <1991May06.144015.17086 at dircon.co.uk> uaa1006 at dircon.co.uk (Peter Miles) writes:
>>Does anyone know if it's possible to access the SCO UNIX password
>>generator from outside the 'passwd' command?
>>
>>(The generator outputs a pronounceable, but non-real word for
>>more password security.)
>
>Since it's part of a binary program -- /bin/passwd --, I'd say the answer is
>no, unless you have a nice convenient way to disassemble /bin/passwd and
>extract just that part of the code.
NOTE: The following may or may not be applicable to SCO UNIX, but here
is just one subtlety you should consider if you ever think about password
generators:
Be sure that the period of the generated passwords is really BIG. E.g. if
you take the 95 printing characters and use full length passwords (8 chars),
you have
95 ^ 8 == 6 634 204 312 890 625
different passwords.
On the other hand, if some generator is based on random `long int's, you'll
probably end up with only
2 ^ 32 == 4 294 967 296
different passwords. Of course the generator will be seeded in a user
specific way but that does not change its period! The important point here
is that some intruder may prepare a list of encoded vs. clear text passwords
and use it to break into your system. The time to compile and the size of
such a list 1.5 millions larger in the former than in the latter case!!
--
Martin Weitzel, email: martin at mwtech.UUCP, voice: 49-(0)6151-6 56 83
More information about the Comp.unix.sysv386
mailing list