Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!genrad!mit-eddi!mit-vax!eagle!harpo!seismo!hao!hplabs!sri-unix!satz@sri-tsc
From: satz%sri-tsc@sri-unix.UUCP
Newsgroups: net.unix-wizards
Subject: Re: a thought about UNIX login security
Message-ID: <2265@sri-arpa.UUCP>
Date: Fri, 17-Jun-83 10:45:00 EDT
Article-I.D.: sri-arpa.2265
Posted: Fri Jun 17 10:45:00 1983
Date-Received: Sun, 19-Jun-83 17:20:04 EDT
Lines: 20

We have a similar program that beats up the passwd file looking for
"easy" passwords. But instead of attacking the problem from a defensive
standpoint, we took an offensive one. We modified the passwd program
to do some more checking before allowing users to set their passwords.
If we get a hit, we don't let the user use that particular password
and ask for another one:

1) check his username forwards and backwards
2) check his personal name forwards and backwards, first and last
3) a list of common phrases (and nonwords) forwards and backwards
4) the entire dictionary forwards and backwards

Believe it or not, it doesn't take more than 2-3 minutes to change your
password (on an 11/44) since it uses clear text in its testing.

This is pretty paranoid, I realize, but it is effective. It can be
rather frustrating to choose a new password, however. The only real
"hole" left in passwd is that we will still allow small passwords to
persistent users.
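
The four checks in the post, sketched as an added example; this is not the poster's passwd modification, and the function names, word lists and account details are constructed. It goes one step beyond the post by also refusing short candidates, with an assumed minimum length, which is the "hole" the post says was left open.

```python
# Constructed sample lists, stored lower-case; a real checker would load a
# phrase list and a full dictionary file here instead.
COMMON_PHRASES = {"letmein", "qwerty", "abc123", "password"}
DICTIONARY = {"wizard", "kernel", "secret", "dragon"}
MIN_LENGTH = 6  # assumed policy value, not from the post


def reject_reason(candidate, username, full_name,
                  phrases=COMMON_PHRASES, dictionary=DICTIONARY,
                  min_length=MIN_LENGTH):
    """Return why the cleartext candidate is refused, or None if accepted."""
    pw = candidate.lower()
    # A candidate equals some word spelled backwards exactly when the reversed
    # candidate equals that word, so two set lookups cover both directions
    # without reversing every dictionary entry.
    forms = {pw, pw[::-1]}
    names = full_name.lower().split()
    checks = [
        ("username", {username.lower()}),
        ("personal name", set(names[:1] + names[-1:])),  # first and last
        ("common phrase", phrases),
        ("dictionary word", dictionary),
    ]
    for label, words in checks:
        if not forms.isdisjoint(words):
            return f"matches {label} (forwards or backwards)"
    if len(candidate) < min_length:
        return f"shorter than {min_length} characters"
    return None


def choose_password(attempts, username, full_name):
    """Refuse each hit and ask again, as the modified passwd does.

    Returns the first accepted candidate, or None if every attempt was refused.
    """
    for candidate in attempts:
        if reject_reason(candidate, username, full_name) is None:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed account and attempts.
    for attempt in ["jdoe", "enaJ", "ytrewq", "Draziw", "x9!k", "corral-7-violet"]:
        print(attempt, "->", reject_reason(attempt, "jdoe", "Jane Q Doe") or "accepted")
```

Because the comparison runs on the cleartext candidate at change time, each rule is a set lookup rather than a hash computation per dictionary word.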