random passwords (was Re: Worm...)
Barry Shein
bzs at encore.com
Fri Dec 2 14:40:02 AEST 1988
>If the failed number is greater than MAXFAIL/2, then warn the user that
>he ought to reset his password (to anything, including what it was).
>Resetting would clear the failed field. Now that I think about it,
>you could print out the number of failed attempts to date at login time.
>Users would know right away if someone had been beating on their
>account.
>
>Wouldn't this be a much easier and more palatable way to solve the problem?
>
>Larry McVoy (lm%snafu at sun.com)
It's not a bad idea and doesn't complicate/change the user interface
but I think the concern was folks taking away your password file and
running attempts on their own machine.
Once, outside the 7-mile limit and many years ago, a friend recoded V7
crypt in tight assembler and broke the root password on the system
"upstairs", fixed a few kernel bugs we'd been bitching about and
rebooted the system. The reactions were mixed, tho folks seemed to
like the improvements to the terminal driver :-)
-Barry Shein, ||Encore||
More information about the Comp.unix.wizards
mailing list