Path: utzoo!utgpu!watmath!clyde!att!rutgers!ukma!uflorida!novavax!proxftl!twwells!bill
From: bill@twwells.uucp (T. William Wells)
Newsgroups: comp.unix.wizards
Subject: Re: Worm/Passwords
Message-ID: <231@twwells.uucp>
Date: 1 Dec 88 05:45:49 GMT
References: <22401@cornell.UUCP> <4627@rayssd.ray.com> <251@ispi.UUCP> <205@twwells.uucp> <8981@smoke.BRL.MIL> <220@twwells.uucp> <8998@smoke.BRL.MIL>
Reply-To: bill@twwells.UUCP (T. William Wells)
Organization: None, Ft. Lauderdale
Lines: 24

In article <8998@smoke.BRL.MIL> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) ) writes:
: In article <220@twwells.uucp> bill@twwells.UUCP (T. William Wells) writes:
: >     ... lassword ...
:
: Oh, but I can't let you have the lassword!

But I haven't cried `youncall' yet! :-)

: I didn't mean to imply that this approach wasn't viable, but I
: couldn't resist the experiment and thought (since the posted travesty
: program wasn't runnable on anything except MS-DOS) that an illustration
: of what "travesty" produces might be informative to many readers.

I didn't think you were; I was just addressing a valid objection
raised elsewhere about password generators.  The travesty program has
the benefit of augmenting its random generator with additional data
that the crasher has to get to before he can crack the password.

This eliminates the problem with a crasher simply running a generator
program through all its possible states.

---
Bill
{uunet|novavax}!proxftl!twwells!bill