Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cwjcc!ukma!uflorida!novavax!proxftl!twwells!bill
From: bill@twwells.uucp (T. William Wells)
Newsgroups: comp.unix.wizards
Subject: Re: Worm/Passwords
Message-ID: <238@twwells.uucp>
Date: 5 Dec 88 03:02:57 GMT
References: <22401@cornell.UUCP> <4627@rayssd.ray.com> <251@ispi.UUCP> <205@twwells.uucp> <8981@smoke.BRL.MIL> <220@twwells.uucp> <8998@smoke.BRL.MIL> <231@twwells.uucp> <3345@tekcrl.CRL.TEK.COM>
Reply-To: bill@twwells.UUCP (T. William Wells)
Organization: None, Ft. Lauderdale
Lines: 35

In article <3345@tekcrl.CRL.TEK.COM> eirik@tekcrl.TEK.COM (Eirik Fuller) writes:
: In article <231@twwells.uucp> bill@twwells.UUCP (T. William Wells) writes:
: )                        I was just addressing a valid objection
: ) raised elsewhere about password generators.  The travesty program has
: ) the benefit of augmenting its random generator with additional data
: ) that the crasher has to get to before he can crack the password.
: )
: ) This eliminates the problem with a crasher simply running a generator
: ) program through all its possible states.
:
: Yes, it means he has to guess the meta-password too :-)

Yes, but consider the difficulty the crasher has if he has to guess
say, the contents of some random read protected file plus some random
dictionary? I keep a copy of my incoming and outgoing mail and
interesting news messages in a protected directory; it amounts to
several megabytes. Imagine a crasher trying to figure out the
probabilities from that!

Not only that, but it changes all the time; in order to use this
information to work on my password, he'd have to snarf the data at
the time I changed the password.

And it'd be of no use to him the next time I changed my password.

: The real problem with generated passwords is remembering them, not
: guessing them.

Well, the point of this discussion is how to create a reasonably
crasher-proof password generator that also creates passwords that can
be reasonably easily remembered.

---
Bill
{uunet|novavax}!proxftl!twwells!bill