Path: utzoo!utgpu!watmath!clyde!att!rutgers!mit-eddie!bu-cs!encore!bzs@encore.com
From: bzs@encore.com (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: random passwords (was Re: Worm...)
Message-ID: <4323@encore.UUCP>
Date: 2 Dec 88 04:40:02 GMT
References: <28399@tut.cis.ohio-state.edu> <278@aber-cs.UUCP> <10896@ulysses.homer.nj.att.com> <4302@encore.UUCP> <79354@sun.uucp>
Sender: news@encore.UUCP
Reply-To: bzs@encore.com (Barry Shein)
Distribution: eunet,world
Organization: Encore Computer Corp
Lines: 22
In-reply-to: lm@snafu.Sun.COM (Larry McVoy)

>If the failed number is greater than MAXFAIL/2, then warn the user that
>he ought to reset his password (to anything, including what it was).
>Resetting would clear the failed field.  Now that I think about it,
>you could print out the number of failed attempts to date at login time.
>Users would know right away if someone had been beating on their
>account.
>
>Wouldn't this be a much easier and more palatable way to solve the problem?
>
>Larry McVoy      (lm%snafu@sun.com)

It's not a bad idea and doesn't complicate/change the user interface
but I think the concern was folks taking away your password file and
running attempts on their own machine.

Once, outside the 7-mile limit and many years ago, a friend recoded V7
crypt in tight assembler and broke the root password on the system
"upstairs", fixed a few kernel bugs we'd been bitching about and
rebooted the system. The reactions were mixed, tho folks seemed to
like the improvements to the terminal driver :-)

	-Barry Shein, ||Encore||