Path: utzoo!utgpu!watmath!clyde!att!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: comp.unix.wizards
Subject: Re: password aging
Message-ID: <10903@ulysses.homer.nj.att.com>
Date: 29 Nov 88 22:56:24 GMT
References: <17648@adm.BRL.MIL> <9001@smoke.BRL.MIL>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 23

In article <9001@smoke.BRL.MIL>, gwyn@smoke.BRL.MIL (Doug Gwyn) writes:
} In article <17648@adm.BRL.MIL> rbj@nav.icst.nbs.gov (Root Boy Jim) writes:
} >I happen to believe that
} >one should only choose *one* password *in their entire lifetime* and
} >stick with it until one has reason to believe it has been compromised.
} 
} This should be modified somewhat; so long as the same encryption scheme
} is being used, and the password is not thought to be vulnerable to the
} standard attacks, one is sufficient until it is compromised.  However,
} it would be folly to use your well-protected UNIX password on a public
} BBS, for example, because very likely the password on the BBS is NOT so
} well protected, and once it is stolen there it could be used to enter
} your supposedly more secure system.  I tend to use a single (different)
} password at each level of security, one for my accounts on public BBSes
} and the like, where I don't much care if it's compromised, and one for
} each type of protection (such as UNIX crypt()) on better-protected systems.

Let me stress this further.  One should also use different passwords for
different authentication domains.  I don't use the same password for my
home machines as I do for other Bell Labs machines in other organizations.
I'm guarding against several things, not just the cryptographic (or other)
security of /etc/passwd, but also against boobytrapped login commands, etc.
See the Grampp/Morris paper on UNIX system security for more details.
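The attack Gwyn and Bellovin are guarding against, as an added example that is not part of the original post or of any code by its authors: a password file leaks from a poorly protected system (the BBS, which here stores plaintext), and whoever holds it tests every leaked password against the hash file of a better-protected system. PBKDF2-HMAC-SHA256 stands in for the period's UNIX crypt(); the usernames, passwords and domain names are constructed sample data, and the function names are this example's own.

```python
import hashlib
import hmac
import os

# Added example, not code from the original post. It models the thread's
# scenario: a password reused on a weakly protected system lets whoever steals
# that system's password file test the same password against the hash file of
# a better-protected one. PBKDF2-HMAC-SHA256 stands in for UNIX crypt(); all
# users and passwords below are constructed sample data.

ITERATIONS = 50_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash standing in for crypt() in the strong domain."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build a stored credential record with a fresh random salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Constant-time comparison of a candidate password against a stored record."""
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


# Strong domain (a UNIX host): salted hashes only. Constructed data.
STRONG_DOMAIN = {
    "alice": make_record("correct horse battery"),
    "bob": make_record("different-everywhere-7"),
    "carol": make_record("one password for life"),
}

# Weak domain (a public BBS): plaintext, leaked wholesale. Constructed data.
# alice reused her UNIX password on the BBS under the same name; bob reused
# his under the handle "dave"; carol's BBS password matches nothing on the host.
WEAK_DOMAIN_LEAK = {
    "alice": "correct horse battery",
    "bob": "bbs-throwaway",
    "carol": "another-bbs-password",
    "dave": "different-everywhere-7",
}


def find_reuse(leak: dict, strong: dict) -> list:
    """Return sorted (strong_user, leaked_user) pairs where a leaked plaintext
    verifies against a strong-domain hash. Every leaked password is tried
    against every hash, as an attacker holding both files would do, so reuse
    under a different username is caught as well."""
    hits = []
    for s_user, record in strong.items():
        for w_user, plaintext in leak.items():
            if verify(plaintext, record):
                hits.append((s_user, w_user))
    return sorted(hits)


if __name__ == "__main__":
    for s_user, w_user in find_reuse(WEAK_DOMAIN_LEAK, STRONG_DOMAIN):
        print(f"{s_user}: strong-domain password reused on weak domain as {w_user}")
```

The same loop, pointed at a real breach list instead of a constructed one, is the audit an administrator can run against their own hash file; the salts and iteration count make each guess cost the same for the defender as for the attacker, which is exactly why one password per security level is the cheaper defence.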