Path: utzoo!utgpu!watmath!clyde!att!rutgers!mit-eddie!bu-cs!encore!bzs@encore.com From: bzs@encore.com (Barry Shein) Newsgroups: comp.unix.wizards Subject: Re: random passwords (was Re: Worm...) Message-ID: <4323@encore.UUCP> Date: 2 Dec 88 04:40:02 GMT References: <28399@tut.cis.ohio-state.edu> <278@aber-cs.UUCP> <10896@ulysses.homer.nj.att.com> <4302@encore.UUCP> <79354@sun.uucp> Sender: news@encore.UUCP Reply-To: bzs@encore.com (Barry Shein) Distribution: eunet,world Organization: Encore Computer Corp Lines: 22 In-reply-to: lm@snafu.Sun.COM (Larry McVoy) >If the failed number is greater than MAXFAIL/2, then warn the user that >he ought to reset his password (to anything, including what it was). >Resetting would clear the failed field. Now that I think about it, >you could print out the number of failed attempts to date at login time. >Users would know right away if someone had been beating on their >account. > >Wouldn't this be a much easier and more palatable way to solve the problem? > >Larry McVoy (lm%snafu@sun.com) It's not a bad idea and doesn't complicate/change the user interface but I think the concern was folks taking away your password file and running attempts on their own machine. Once, outside the 7-mile limit and many years ago, a friend recoded V7 crypt in tight assembler and broke the root password on the system "upstairs", fixed a few kernel bugs we'd been bitching about and rebooted the system. The reactions were mixed, tho folks seemed to like the improvements to the terminal driver :-) -Barry Shein, ||Encore||