password security
Barry Shein
bzs at Encore.COM
Sat Dec 24 03:47:21 AEST 1988
From: prh at actnyc.UUCP (Paul R. Haas)
>In article <4444 at xenna.Encore.COM> bzs at Encore.COM (Barry Shein) writes:
>>The average secretary I know is bright enough to understand rules like
>>"use two short words with some upper-case letters and/or digits thrown
>>in and separated by a punctuation, like "Hey!Jude" "FidoIS#1". Very
>>hard to guess, very easy to remember, next...
>Give a thousand secretaries that same set of instructions and you will
>get far less than a thousand different passwords. Sort them in order
>of frequency and try them all on whatever system you are trying to
>crack. You certainly won't be able to break all the accounts, but you
>will get a few.
Is this based on *anything*? Or just a wild guess? It sounds utterly
baseless to me. You honestly think if I told 1000 people to:
choose two short words separated by a punctuation character
and mix some upper-lower case into the words
I would frequently get the exact same result from different people?
Gads, and what might that result be? The world of human psychology
awaits your discovery! (the only exception I can imagine is that if
you gave an example they'd all use the example, but other than that,
you can check for that easily enough.)
>If people are allowed to create their own passwords, there should not be
>a way to try ten thousand different passwords on each account without
>triggering some alarm.
I doubt you can ever achieve this as someone only needs access to your
encryption algorithm.
>If security is really important it may be useful to put the shadow
>password file on a separate server machine. The server machine should be
>physically and electronically remote so that the only requests it
>services are "check password/username", "add password/username",
>"remove password/username" and "changepassword
>newpassword/oldpassword/username". This implies that backups and restores
>have to be done manually. A logical migration path to a secure password
>server is to use a shadow password file which is normally only accessible
>through a small well defined interface.
Unfortunately you now have to trust your network (e.g. that I can't
send "password ok" messages from a different system).
It's a hard problem, merely adding layers of complexity is not a
particularly compelling approach. That's my whole point.
-Barry Shein, ||Encore||
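Paul's point above about raising an alarm before thousands of guesses can be tried, as an added example that is not code from either poster: a sliding-window detector run over constructed login-failure log lines. It flags both one account being hit repeatedly and one source host trying many accounts in turn. The log format, the thresholds and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not from the thread): one legitimate user who
# mistyped once, one account hammered from a single host, one host spraying
# a single guess across many accounts.
SAMPLE_LOG = """\
1988-12-24T03:40:01 host login[101]: FAILED LOGIN for alice from 10.0.0.5
1988-12-24T03:40:09 host login[102]: ACCEPTED LOGIN for alice from 10.0.0.5
1988-12-24T03:41:00 host login[103]: FAILED LOGIN for bob from 10.0.0.9
1988-12-24T03:41:02 host login[104]: FAILED LOGIN for bob from 10.0.0.9
1988-12-24T03:41:04 host login[105]: FAILED LOGIN for bob from 10.0.0.9
1988-12-24T03:41:06 host login[106]: FAILED LOGIN for bob from 10.0.0.9
1988-12-24T03:41:08 host login[107]: FAILED LOGIN for bob from 10.0.0.9
1988-12-24T03:42:00 host login[108]: FAILED LOGIN for carol from 10.0.0.7
1988-12-24T03:42:01 host login[109]: FAILED LOGIN for dave from 10.0.0.7
1988-12-24T03:42:02 host login[110]: FAILED LOGIN for erin from 10.0.0.7
1988-12-24T03:42:03 host login[111]: FAILED LOGIN for frank from 10.0.0.7
"""

# Assumed log format; adjust the pattern to the real login(1)/syslog output.
LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ login\[\d+\]: (?P<status>FAILED|ACCEPTED) "
                     r"LOGIN for (?P<user>\S+) from (?P<src>\S+)$")

def parse_line(line):
    """Return (timestamp, status, user, source) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["status"], m["user"], m["src"])

def detect_guessing(lines, account_limit=5, source_limit=4, window=timedelta(minutes=10)):
    """Alarm on too many failures against one account (vertical guessing) or
    from one source across accounts (horizontal guessing) within the window.
    Returns (kind, key, count) tuples, one each time a threshold is crossed."""
    failures = defaultdict(deque)   # (kind, key) -> timestamps of recent failures
    alerts = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None or rec[1] != "FAILED":
            continue                # successes and unparseable lines are ignored
        ts, _, user, src = rec
        for kind, key, limit in (("account", user, account_limit), ("source", src, source_limit)):
            recent = failures[(kind, key)]
            recent.append(ts)
            while recent and ts - recent[0] > window:   # expire old failures
                recent.popleft()
            if len(recent) == limit:                    # fire once on crossing
                alerts.append((kind, key, len(recent)))
    return alerts
```

Thresholds this low are illustrative; the real point is that the count is kept per account and per source so that spreading guesses across accounts does not evade the alarm.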