Path: utzoo!attcan!utgpu!watmath!iuvax!mailrus!ncar!stout!thor
From: thor@stout.ucar.edu (Rich Neitzel)
Newsgroups: comp.unix.wizards
Subject: Re: PASSWORD GUESSING
Message-ID: <4020@ncar.ucar.edu>
Date: 18 Aug 89 13:44:52 GMT
References: <20648@adm.BRL.MIL>
Reply-To: thor@stout.UCAR.EDU (Rich Neitzel)
Organization: Field Observing Facility, NCAR, Boulder, CO
Lines: 21

In article <20648@adm.BRL.MIL> Kemp@DOCKMASTER.NCSC.MIL writes:
>Any time a human tries to think up a "random" password, chances are it
>won't be as "random" as a machine could choose.  So why not have the
>machine generate it for you, and stop worrying.  The system I am using
>now enforces the use of machine-generated pronounceable passwords, and
>VMS systems can also generate them, although our system managers didn't
>make them mandatory.  I think there are similar programs floating around
>the unix archives.
>
I formerly worked at a clessified DOE site and all passwords for 
classified computers were machine generated. However, there was added
twist - a password generated on machine A could not be used on that machine or 
any simularly configured machine. For example, VAX/VMS generated passwords were
used on the HPs, IBM's on the VAX, etc. The reasoning was that to try and
crack the generator required access to two machines, which hopefully was
difficult enough to reduce the likelyhood of its occurrence.




-------------------------------------------------------------------------------