Worm/Passwords
Eirik Fuller
eirik at tekcrl.TEK.COM
Sat Dec 3 09:49:10 AEST 1988
In article <231 at twwells.uucp> bill at twwells.UUCP (T. William Wells) writes:
) ...
)
) I was just addressing a valid objection
) raised elsewhere about password generators. The travesty program has
) the benefit of augmenting its random generator with additional data
) that the crasher has to get to before he can crack the password.
)
) This eliminates the problem with a crasher simply running a generator
) program through all its possible states.
Yes, it means he has to guess the meta-password too :-)
If he knows the algorithm for the meta-password, do you choose a
meta-meta-password? How many levels are enough?
If there is no algorithm for the meta-password, it probably comes from
the usual password mechanism, but once the mpw is guessed it gives
uniform (if slow) access to all the passwords. Of course there might
not be a good test for correctness of guesses for the meta-password ...
Then again, I might just be babbling. My own preference for passwords
is to change the algorithm every time I change my password. The set of
mappings from meaningful scraps of information into eight character
gibberish is limited only by imagination, and in a creative, careful
community there will be as many of them as there are accounts.
The real problem with generated passwords is remembering them, not
guessing them.
More information about the Comp.unix.wizards
mailing list