Password security - Another idea

David L. Jobusch jobusch at atanasoff.cs.iastate.edu
Fri Dec 30 02:57:05 AEST 1988


In article <2271 at pompeii.cs.swarthmore.edu> schwartz at pompeii.UUCP (Scott Schwartz) writes:
>As it happens, I think that Barry has a good point here.  I think
>one answer is to admit that 8 character passwords (and user id's,
>for that matter!) are too small.  Someone who knows a lot about
>encryption (not me!) should suggest a better number.
>-- 
>Scott Schwartz <schwartz at cs.swarthmore.edu>  <psuvax1!vu-vlsi!swatsun!schwartz>

Part of a project I am working on now uses a technique my major
professor describes in a paper to compress an ARBITRARY length password 
(or better, a pass-phrase) into the 56 bit DES key. The goal is to allow the
arbitrary length passwords to "fit" into the current password mechanisms
without breaking too much software (uses /etc/passwd, field sizes stay
the same, staying away from "shadow" files, etc...).

I, too, would be interested in hearing arguments for and against various
restrictions on passwords. User frustration with picky mechanisms (must
use a ... ) around my office usually leads to root setting the person's
password to "hi" or something equally secure.

(I would appreciate replies through email; will post summary if needed.)

Dave Jobusch, Iowa State University Telecommunications
jobusch at atanasoff.cs.iastate.edu    j1.dlj at isumvs.bitnet (ick)
        ^^^^^^^^^
	As in John Vincent Atanasoff, the creator of the world's first
	electronic digital computer, built at ISU. Spread the news.



More information about the Comp.unix.wizards mailing list