Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site utcsrgv.UUCP Path: utzoo!utcsrgv!dave From: dave@utcsrgv.UUCP (Dave Sherman) Newsgroups: net.unix-wizards Subject: a thought about UNIX login security Message-ID: <1518@utcsrgv.UUCP> Date: Mon, 13-Jun-83 15:59:56 EDT Article-I.D.: utcsrgv.1518 Posted: Mon Jun 13 15:59:56 1983 Date-Received: Mon, 13-Jun-83 19:12:09 EDT Organization: CSRG, University of Toronto Lines: 13 Back in the days of v6, login would only prompt for a password if a valid login was given. Then people realized that that gave away valid login names and made breaking in easier. So now login prompts for a password whether or not the login name is valid. But nowadays, all kinds of login names are freely available from the net, so this protection is a little less useful. Admittedly, most would-be break-in-ers aren't on the net, and the net doesn't give anything approaching a complete list of logins at a given site, but it's a thought.... Dave Sherman Toronto