Worm/Passwords

Fri Nov 11 00:47:21 AEST 1988

In article <4627 at rayssd.ray.com>, gmp at rayssd.ray.com (Gregory M. Paris) writes:
> In article <22401 at cornell.UUCP> piatko at cs.cornell.edu (Christine Piatko) writes:
> > they are easy to remember.  A better technique, to come up with safer 
> > password, is to pick a phrase and use the initial letters and numbers: 
> > 'A stitch in time saves nine' for the password asits9.
> 
> I just used this heuristic to crack passwords on our system and found ten of
> them!  Just kidding.  The point is that adopting any single system is not the
> answer.  No one system is better than any other, once it becomes well known.
> Encouraging the use of more password selection methods is what is really
> desired.

It is possible to adopt a single system, if that system is random.  For 
example, I have included below a random password generating program, written
for SYS V, but I have been told that it does compile on BSD (please, no flames)
BSD systems may have to change the lines with srand48() and lrand48().

To compile it type:

cc (any local flags) -DMAIN randpass.c -o randpass

It can also be compiled as a callable function.  To compile it this way type:

cc (any local flags) randpass.c -c

When calling the program use the following options:

	-a		to use all printable characters instead of
			letters + numbers only

	-s #		where # is the length of the generated password

	-n #		where # is the number of passwords to generate.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

#include	<stdio.h>
#include	<ctype.h>
/*
 * randpass.c -- generate really random passwords. For SYS V Unixes only.
 * Includes all ASCII chars '0' through 'z', except '@' and '\\'
 */
#define PASSCHARS 80
#define TRUE		1
#define FALSE		0

#ifdef	MAIN
main(argc, argv)
#else
char	*randpass(argc, argv)
#endif

int	argc;
char	*argv[];
{
int	i, c;
static char	s[PASSCHARS+1];
extern long	lrand48();
extern void	srand48();
extern long	time();
int		DFLT_LEN = 8;
int		option, err = 0, all = 0, num = 1;
char		*program;
extern char	*optarg;

	program = *argv;
	while (( option = getopt(argc, argv, "as:n:")) != EOF) {
		switch (option) {
			case 's':	DFLT_LEN = atoi(optarg);
					while (*optarg) {
						if (!isdigit(*optarg)) {
							err = TRUE;
							break;
						}
						optarg++;
					}

					if ( !err && (DFLT_LEN <2 || DFLT_LEN > PASSCHARS) ) {
						fprintf(stderr,"Invalid size for password\n");
						exit(1);
					}
					break;
			case 'a':	all++;
					break;
			case 'n':	num = atoi(optarg);
					while (*optarg) {
						if (!isdigit(*optarg)) {
							err = TRUE;
							break;
						}
						optarg++;
					}
					break;
			default:	err = TRUE;
		}
		if (err) break;
	}
	if (err) {
		fprintf(stderr,"%s: [ -a ] [ -s # ] [ -n # ]\n",program);
		exit(-1);
	}

	srand48(time((long *)0));

	while (num--) {
		for (i = 0; i < DFLT_LEN; ++i)
		{
			while ((c = lrand48() % 75 + '0') == '@' || c == '\\' ||
				( !all  && (
				( c < 65 && c > 57) ||
				( c > 90 && c < 97) ) ) )
				;
			s[i] = c;
		}
#ifdef	MAIN
		s[DFLT_LEN] = '\n';
		write (1, s, DFLT_LEN+1);
#else
		s[DFLT_LEN] = 0;
		return s;
#endif
	}
	exit(0);
}  /* randpass.c */