60-second timeout in Unix login
Richard Tobin
richard at aiva.ed.ac.uk
Mon Feb 22 04:30:42 AEST 1988
In article <470 at anuck.UUCP> jrl at anuck.UUCP (j.r.lupien) writes:
>In article <18083 at topaz.rutgers.edu>, ron at topaz.rutgers.edu (Ron Natalie) writes:
>> Actually at BRL, it remembers all past passwords that everyone used and
>> won't ever let you reuse them (or use the "passwd" program to set too
>> accounts to the same password).
>
>Oh really? This means that if you get a reject, and you know it isn't
>one of your previous passwords, it >MUST< be someone else's!
Yes, but you can do this anyway. Just try logging in as each person
in turn. Or more likely, write a program that tries the word for each
person. The whole point of a good encryption algorithm is to make
this sort of thing hard by making it slow. (That didn't stop them
using register variables in crypt(3), however. I guess it's hard to
overcome such habits...)
-- Richard
--
Richard Tobin, JANET: R.Tobin at uk.ac.ed
AI Applications Institute, ARPA: R.Tobin%uk.ac.ed at nss.cs.ucl.ac.uk
Edinburgh University. UUCP: ...!ukc!ed.ac.uk!R.Tobin
More information about the Comp.unix.wizards
mailing list