60-second timeout in Unix login

John Chambers jc at minya.UUCP
Tue Feb 16 01:05:41 AEST 1988


In article <465 at xios.XIOS.UUCP>, greg at xios.XIOS.UUCP (Greg Franks) writes:
> In article <721X at jimi.cs.unlv.edu> robert at jimi.cs.unlv.edu (Robert Cray) writes:
> >...I hear that in the next (4.7?) version of vms, it will
> >remember the last 6 passwords so that a->b->a (which is what I always do)
> >will be more painful.  
> 
> Do what everyone else does - change your password at the beginning of
> the month to the name of the month :-).
> 
Nah, I just change it to what it was before.  That's much easier to remember,
and since Unix encrypts it differently each time, the administrators have
no way of knowing that I'm doing it.

If VMS can actually determine that you have used the same password, then it
is either keeping your unencrypted password somewhere, or it encrypts it the
same each time.  Either is a major security hole, of course, and you should
refuse to use the system (on security grounds) until they correct the problem.

(Actually, there is a third possibility, that it is unencrypting the encrypted
passwords for comparison, but not even VMS hackers would do that routinely! :-)
[[I sure hope that's a joke! ;-]]

-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)
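Added example (not part of the original post): a password-history check of the kind this thread discusses, sketched for a store that keeps only salted one-way hashes and re-hashes the candidate under each stored salt at change time. PBKDF2, the iteration count, the sample passwords and all class and function names are assumptions of this example, not VMS or Unix code.

```python
import hashlib
import hmac
import os
from collections import deque

ITERATIONS = 50_000  # assumed work factor, chosen for this example
HISTORY_DEPTH = 6    # the thread mentions remembering the last 6 passwords


def hash_password(password: str, salt: bytes) -> bytes:
    # One-way salted hash; PBKDF2-HMAC-SHA256 is this example's choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class PasswordHistory:
    """Holds only (salt, hash) pairs: no plaintext, nothing reversible."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        self.entries = deque(maxlen=depth)  # oldest entry drops off

    def was_used(self, candidate: str) -> bool:
        # The candidate arrives in plaintext at change time, so it can be
        # re-hashed under each stored salt and compared in constant time.
        hit = False
        for salt, digest in self.entries:
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                hit = True
        return hit

    def change(self, new_password: str) -> bool:
        """Store new_password unless it is in the history; True on success."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)  # fresh random salt on every change
        self.entries.append((salt, hash_password(new_password, salt)))
        return True


def demo() -> dict:
    history = PasswordHistory()
    pw_a, pw_b = "alpha-constructed", "bravo-constructed"  # constructed samples
    results = {"set_a": history.change(pw_a), "set_b": history.change(pw_b)}
    results["reuse_a"] = history.change(pw_a)  # the a -> b -> a cycle
    # Two stored records of one password differ because the salts differ.
    first, second = (hash_password(pw_a, os.urandom(16)) for _ in range(2))
    results["stored_forms_differ"] = first != second
    return results
```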


