Remembering old passwords

John Haugh jfh at killer.UUCP
Sun Feb 21 04:16:56 AEST 1988


One thing I learned about cryptanalysis, any information you 
provide to a potential villain is too much.  The security of
letting people know you use DES is that DES is supposed to
be hard to break.  However, providing a tip-off that someone
_may_ be using a certain password provides with it the information
that potential villain should try that password on all current
users, and if someone _is_ using that password, then the
security of the system has been compromised.  So, regardless
of how difficult DES is to break, telling the bad guys that
you wouldn't let two people use the same password, either now
or ever is a Bad Thing.

Think about it.

- John.
-- 
John F. Haugh II                  SNAIL:  HECI Exploration Co. Inc.
UUCP: ...!ihnp4!killer!jfh                11910 Greenville Ave, Suite 600
"You can't threaten us, we're             Dallas, TX. 75243
  the Oil Company!"                       (214) 231-0993 Ext 260
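
Added example, not part of the original post: a constructed Python sketch of the leak described above, comparing a store that refuses any password another user holds or has held with one that only remembers each user's own old passwords. The class names, user names, sample passwords and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: kept low so the demo runs quickly

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class GlobalUniqueStore:
    """Leaky policy: no password that any user holds or ever held may be reused."""
    SALT = b"site-wide"  # a shared salt is what makes the cross-user lookup possible

    def __init__(self):
        self.current = {}        # user -> hash of current password
        self.ever_used = set()   # hashes of every password any user has had

    def change(self, user: str, new_password: str) -> bool:
        h = kdf(new_password, self.SALT)
        if h in self.ever_used:
            return False  # the refusal itself says "someone has used this"
        self.ever_used.add(h)
        self.current[user] = h
        return True

class PerUserHistoryStore:
    """Remembers only each user's own old passwords, with a fresh salt per entry."""

    def __init__(self):
        self.history = {}  # user -> list of (salt, hash), newest last

    def change(self, user: str, new_password: str) -> bool:
        for salt, h in self.history.get(user, []):
            if hmac.compare_digest(kdf(new_password, salt), h):
                return False  # reveals only the caller's own history
        salt = os.urandom(16)
        self.history.setdefault(user, []).append((salt, kdf(new_password, salt)))
        return True

def rejected_guesses(store, user: str, guesses: list) -> list:
    """Return the guesses the store refuses when `user` tries to change to them."""
    return [g for g in guesses if not store.change(user, g)]
```

With the first store, the list of refused guesses is exactly the set of passwords other users have chosen; with the second, a refusal can only ever describe the caller's own account.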



More information about the Comp.unix.wizards mailing list