new password idea

Rob J. Nauta fidelio at geech.gnu.ai.mit.edu
Thu Apr 25 02:04:51 AEST 1991


In article <26616 at adm.brl.mil> poulin at polar.bowdoin.edu (Jeff Poulin) writes:
->I think as long as a password file is available for anyone to read, there
->will be some abuse.  Sure, it's dumb to use a word in the dictionary as a
->password, but I've seen ridiculously complicated passwords here these past
->few days.  No matter how confuscated your password may be, it still boils
->down to a guessing game between you and the cracker.  You try to pick a
->combination the cracker is not likely to try, and he (or she) will try to
->outsmart you by choosing it.
->
->If you're really worried about kids getting into your account (an adult who
->tries to pick people's passwords is considered a child in my book), then
->write a password program for yourself and run it from .cshrc (or
->whatever).  That way, even if someone breaks into your account, they
->still have another password to crack before they have access to your
->files.  If the second password is incorrect, your password program simply logs 
->you out.  Since the file with the password encryption resides in your account, 
->you don't have to worry that someone is cracking your password on some PC 
->somewhere.
->
->Jeff
->
->
->Jeff Poulin       poulin at polar.bowdoin.edu       jpoulin at bowdoin.bitnet

Hi

What would stop someone who has your password, and noticed that the custom
program kicks him out, from ftping to your account, examining .profile or
.login, and even removing/altering them, or the password program itself?

Rob




More information about the Comp.unix.wizards mailing list