Improving password security
Barry Shein
bzs at encore.com
Wed Nov 30 08:14:56 AEST 1988
>On another issue, aren't the ``automated password'' camp completely off
>the beam? With that style of password choice there's no point in
>cracking the _password_. Attack would be focused on the password
>_generator_ function. Unless, of course, the generator algorithm is
>at least equally difficult to crack.
>
>Boyd Roberts NEC Information Systems Australia

I tend to agree with you, now we'll spend the next year or two finding
out how non-random the supposedly random password generators are (or
perhaps 15 minutes once some evil person exploits the fact...)

I believe a change to the passwd program demanding 8 character
passwords (perhaps 7 chars, that's an easy thing to calculate) with
some reasonable rules to avoid dictionary words etc (like must have at
least one punctuation and/or mixed case and/or digits) would be
sufficient and people can get back to more important things. In
fact easy to remember passwords like:

    Hey%Jude
    RunUnix!
    Lemme+In

are quite hard to crack unless you have some reason to guess that sort
of thing. People are pretty good generators if someone explains to
them what the game is.

-Barry Shein, ||Encore||
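
The kind of rule check proposed in the message above, written out as an added example; it is not part of the original post and not code from any real passwd program. The function names, result codes and the four-word list are assumptions made up for illustration. It also covers a case the character-class rule alone lets through: a dictionary word with a digit appended.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_LEN 8   /* the minimum length proposed in the post */
enum pw_result { PW_OK, PW_TOO_SHORT, PW_ONE_CLASS, PW_DICT_WORD };

/* Constructed sample word list; a real check would read a full dictionary. */
static const char *const WORDS[] = { "password", "wizard", "letmein", "unix" };

/* Copy the letters of pw into out, lowercased, dropping everything else. */
static void letters_only(const char *pw, char *out, size_t outsz)
{
    size_t n = 0;
    for (; *pw && n + 1 < outsz; pw++)
        if (isalpha((unsigned char)*pw))
            out[n++] = (char)tolower((unsigned char)*pw);
    out[n] = '\0';
}

enum pw_result check_password(const char *pw)
{
    int upper = 0, lower = 0, digit = 0, punct = 0;
    char core[128];

    if (strlen(pw) < MIN_LEN)
        return PW_TOO_SHORT;
    for (size_t i = 0; pw[i]; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (isupper(c)) upper = 1;
        else if (islower(c)) lower = 1;
        else if (isdigit(c)) digit = 1;
        else if (ispunct(c)) punct = 1;
    }
    /* "at least one punctuation and/or mixed case and/or digits" */
    if (!(punct || digit || (upper && lower)))
        return PW_ONE_CLASS;
    /* A dictionary word with decoration added is still a dictionary word. */
    letters_only(pw, core, sizeof core);
    for (size_t i = 0; i < sizeof WORDS / sizeof WORDS[0]; i++)
        if (strcmp(core, WORDS[i]) == 0)
            return PW_DICT_WORD;
    return PW_OK;
}

int main(void)
{
    const char *samples[] = { "Hey%Jude", "RunUnix!", "Lemme+In", "Password1", "wizardry" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %d\n", samples[i], check_password(samples[i]));
    return 0;
}
```

The three passwords from the message pass; "Password1" satisfies the length and class rules and is rejected only by the dictionary comparison.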