60-second timeout in Unix login
Scott E. Preece
preece%fang at gswd-vms.gould.com
Fri Feb 19 00:33:41 AEST 1988
From: "j.r.lupien" <jrl at anuck.uucp>
> > Actually at BRL, it remembers all past passwords that everyone used and
> > won't ever let you reuse them (or use the "passwd" program to set two
> > accounts to the same password).
>
> Oh really? This means that if you get a reject, and you know it isn't
> one of your previous passwords, it >MUST< be someone else's! Then
> you just try each login on the system until you hit the one whose
> password you have just "guessed". This seems rather bogus.
> The passwd program should not give out ANY information
> about other users' passwords, even to the extent of
> "you have just used a word nobody else is using".
----------
I think you're misinterpreting the quote. I don't think they meant you
could never use a password that ANYONE had ever used, only that you
couldn't use one that YOU had used before. The language is ambiguous --
either interpretation could be right, but since the "never use a
password that anyone had ever used" interpretation would require storing
the passwords in clear (or something not salted by user), I suspect the
"never reuse one of your old passwords" interpretation is what was
meant.
--
scott preece
gould/csd - urbana
uucp: ihnp4!uiucdcs!ccvaxa!preece
arpa: preece at Gould.com
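
Added example, not part of the original post: a sketch of the "never reuse one of your old passwords" interpretation, keeping only per-user salted hashes. The class name, the PBKDF2 parameters and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PasswordHistory:
    """Per-user history of (salt, digest) pairs; no cleartext is kept."""

    def __init__(self):
        self._entries = {}  # user -> list of (salt, digest)

    def was_used_by(self, user: str, candidate: str) -> bool:
        # Re-hash the candidate under each of this user's own old salts.
        return any(
            hmac.compare_digest(_hash(candidate, salt), digest)
            for salt, digest in self._entries.get(user, [])
        )

    def set_password(self, user: str, new_password: str) -> bool:
        """Reject only reuse of this user's own earlier passwords."""
        if self.was_used_by(user, new_password):
            return False
        salt = os.urandom(16)  # fresh salt for every stored entry
        self._entries.setdefault(user, []).append((salt, _hash(new_password, salt)))
        return True

    def stored_digests(self, user: str):
        return [digest for _, digest in self._entries.get(user, [])]


def demo():
    h = PasswordHistory()
    word = "tr0ub4dor"  # constructed sample password
    results = {
        "alice_first": h.set_password("alice", word),
        "alice_reuse": h.set_password("alice", word),   # rejected: her own history
        "bob_same_word": h.set_password("bob", word),   # accepted: nothing revealed
    }
    # Same word, different salts: the stored values do not match across users.
    shared = set(h.stored_digests("alice")) & set(h.stored_digests("bob"))
    results["digests_match"] = bool(shared)
    return results
```
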