Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!genrad!decvax!cca!dee From: dee@cca.UUCP Newsgroups: net.unix-wizards Subject: Re: Passwords Message-ID: <4995@cca.UUCP> Date: Thu, 23-Jun-83 22:18:59 EDT Article-I.D.: cca.4995 Posted: Thu Jun 23 22:18:59 1983 Date-Received: Fri, 24-Jun-83 22:49:24 EDT Lines: 11 How about hacking passwd so that when you change your password it first checks that you are really changing it and that your new password is not in a database of old passwords. If you flunk that test, it does nothing. If you pass, it changes your password and adds your old one to the database. In time, combined with a few complexity and length checks, it should make passwords pretty secure. If passwords went stale and stopped working if you didn't change them once every N months, it would be even better. Donald Eastlake dee@cca-unit decvax!cca!dee