Worm/Passwords
Barry Margolin
barmar at think.COM
Sat Nov 12 03:07:31 AEST 1988
In article <251 at ispi.UUCP> jbayer at ispi.UUCP (id for use with uunet/usenet) writes:
>It is possible to adopt a single system, if that system is random.
As has been pointed out in many papers on security, random passwords
open up a big security hole. They are hard to remember, so users are
more likely to write them down. One of the rules of good password
management is "Don't write your password anywhere."
Multics has a password generator that tries to help in this regard.
Rather than generating a completely random string of characters, it
generated fake words. It has tables of syllables and digraphs, and
some rules for which syllables are likely to follow others in a
pronounceable word (probably based on a statistical analysis of
English). The syllables are then combined randomly, with skewing
based on the combination rules. These nonsense words are easier to
remember than completely random strings.
A problem with this Multics feature is that a cracker who knows that a
user uses a generated password could probably generate a list of all
the generated words in order of likely generation.
Barry Margolin
Thinking Machines Corp.
barmar at think.com
{uunet,harvard}!think!barmar
More information about the Comp.unix.wizards
mailing list