Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!genrad!decvax!cca!dee
From: dee@cca.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Passwords
Message-ID: <4995@cca.UUCP>
Date: Thu, 23-Jun-83 22:18:59 EDT
Article-I.D.: cca.4995
Posted: Thu Jun 23 22:18:59 1983
Date-Received: Fri, 24-Jun-83 22:49:24 EDT
Lines: 11

How about hacking passwd so that when you change your password it first
checks that you are really changing it and that your new password is not
in a database of old passwords.  If you flunk that test, it does
nothing.  If you pass, it changes your password and adds your old one to
the database.  In time, combined with a few complexity and length
checks, it should make passwords pretty secure.  If passwords went stale
and stopped working if you didn't change them once every N months, it
would be even better.
						Donald Eastlake
						dee@cca-unit
						decvax!cca!dee