password aging

Steven M. Bellovin smb at ulysses.homer.nj.att.com
Wed Nov 30 08:56:24 AEST 1988
In article <9001 at smoke.BRL.MIL>, gwyn at smoke.BRL.MIL (Doug Gwyn ) writes:
} In article <17648 at adm.BRL.MIL> rbj at nav.icst.nbs.gov (Root Boy Jim) writes:
} >I happen to believe that
} >one should only choose *one* password *in their entire lifetime* and
} >stick with it until one has reason to believe it has been compromised.
} 
} This should be modified somewhat; so long as the same encryption scheme
} is being used, and the password is not thought to be vulnerable to the
} standard attacks, one is sufficient until it is compromised.  However,
} it would be folly to use your well-protected UNIX password on a public
} BBS, for example, because very likely the password on the BBS is NOT so
} well protected, and once it is stolen there it could be used to enter
} your supposedly more secure system.  I tend to use a single (different)
} password at each level of security, one for my accounts on public BBSes
} and the like, where I don't much care if it's compromised, and one for
} each type of protection (such as UNIX crypt()) on better-protected systems.

Let me stress this further.  One should also use different passwords for
different authentication domains.  I don't use the same password for my
home machines as I do for other Bell Labs machines in other organizations.
I'm guarding against several things, not just the cryptographic (or other)
security of /etc/passwd, but also against boobytrapped login commands, etc.
See the Grampp/Morris paper on UNIX system security for more details.
