Passwords

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Thu Apr 25 20:47:07 AEST 1991


In article <1071 at seeker.MYSTIC.COM> chip at seeker.MYSTIC.COM (David "Chip" Reynolds) writes:
> If you want to have accountability, or if you want to protect an account,
> fixed passwords just aren't the answer.
  [ ... ]
> The point of this post being: Fixed Passwords CAN'T work. Dynamic passwords
> are the only viable answer.

No. There is nothing inherently wrong with fixed passwords. In fact, the
smartcard that you mention does have a fixed password---it just doesn't
tell anyone what that password is. If you're going to advertise a
product on the net, you should at least stop confusing the issues.

There *do* exist communications systems with dynamic passwords: both
sides of a secure link must stay synchronized at all times, and there
really is no fixed state. This is generally not appropriate for
passwords.

---Dan
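
An added illustration of the distinction drawn in the message above, not code from the original post or from any product it mentions: a token whose fixed secret never crosses the wire yet answers every challenge differently, beside a synchronized link that keeps no fixed state. The HMAC challenge-response scheme and all class and function names are assumptions; the post does not say how the smartcard works.

```python
import hashlib
import hmac
import secrets

class FixedSecretToken:
    """Card holding a fixed secret that it never reveals (hypothetical model)."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Host:
    """Verifier sharing the card's fixed secret; each challenge is single-use."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()
    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self._pending.add(c)
        return c
    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already-used challenge: treat as replay
        self._pending.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

class RatchetEnd:
    """One end of a link with no fixed state: the key is replaced on every use."""
    def __init__(self, initial: bytes):
        self._state = initial
    def next_code(self) -> bytes:
        code = hmac.new(self._state, b"code", hashlib.sha256).digest()
        self._state = hashlib.sha256(self._state).digest()  # old state is discarded
        return code

def demo() -> dict:
    secret = secrets.token_bytes(32)  # constructed sample secret
    card, host = FixedSecretToken(secret), Host(secret)
    c1, c2 = host.challenge(), host.challenge()
    r1, r2 = card.respond(c1), card.respond(c2)
    results = {"responses_differ": r1 != r2,
               "login_ok": host.verify(c1, r1),
               "replay_rejected": not host.verify(c1, r1)}
    a, b = RatchetEnd(secret), RatchetEnd(secret)
    results["ratchet_in_sync"] = a.next_code() == b.next_code()
    a.next_code()  # one side advances alone, e.g. a lost message
    results["ratchet_after_desync"] = a.next_code() == b.next_code()
    return results

if __name__ == "__main__":
    print(demo())
```

The ratchet pair stops agreeing as soon as one side advances alone, which is the synchronization burden the message refers to; the fixed-secret token has no such failure mode.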


