Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!ginosko!usc!apple!voder!pyramid!prls!gordon
From: gordon@prls.UUCP (Gordon Vickers)
Newsgroups: comp.unix.wizards
Subject: Re: PASSWORD GUESSING
Message-ID: <25094@prls.UUCP>
Date: 21 Aug 89 16:39:07 GMT
References: <1919@aucs.UUCP> <737@rwing.UUCP> <1043@accuvax.nwu.edu> <3532@internal.Apple.COM> <3126@rti.UUCP> <24888@prls.UUCP> <36830@bu-cs.BU.EDU> <16924@rpp386.Dallas.TX.US>
Reply-To: gordon@prls.UUCP (Gordon Vickers)
Organization: Philips Research Labs, Sunnyvale, California
Lines: 35

In article <16924@rpp386.Dallas.TX.US> jfh@rpp386.cactus.org (John F. Haugh II) writes:
->In article <36830@bu-cs.BU.EDU> madd@buit15.bu.edu (Jim Frost) writes:
->>In article <24888@prls.UUCP> gordon@prls.UUCP (Gordon Vickers) writes:
->>| The advice I see most often, and use myself is to simply pick
->>| two unrelated words that are separated by a symbol, with the entire
->>| password being seven or eight characters in length. Care to figure
->>| what the odds are of a hacker breaking it ?
->>
->>Sure. Very good if the hacker has (exclusive) access to a good
->>parallel machine, or access to several PC's and a good crypt()
->>implementation.
->
->I'd say it's a virtual certainty any good programmer could break that
->system in a very small amount of time.
->
->A few questions crop up - how many three or four letter words are
->there, versus possible three or four letter combinations of letters.
->Next, how many special symbols are there.
->
->The answer should be a small enough number for my PC to get it over
->one or two nights of crunching.
->--

On a PC ? Anyone care to try ? Here's my password from another
Unix machine:

gordon:FM9M5x3Dlt/ao:202:40:Gordon Vickers,5370,9021,69,:/a/gordon:/bin/csh

The password was chosen as I recommended and each of the two words
can be found in the New Webster's Dictionary of the English Language.
Remember though, you must use a P.C.

If you can do it, I'd be interested in knowing how. I'm no expert on
security but I am interested since I manage another multiuser system.

Gordon Vickers 408/991-5370 (Sunnyvale,Ca); {mips|pyramid|philabs}!prls!gordon
------------------------------------------------------------------------------
Every extinction, whether animal, mineral, or vegetable, hastens our own demise.
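
An added example, not part of the original post: a password-change filter that recognises the "word, symbol, word" scheme discussed in this thread, plus a count of how many passwords that scheme can produce from a given dictionary. The word list is a small constructed sample, and treating digits and punctuation as the "symbol" set is an assumption.

```python
import math
import string

# Constructed sample dictionary (assumption); a real filter would load a full word list.
WORDS = {"cat", "dog", "sun", "tree", "blue", "fish", "lamp", "rock"}
# Assumption: "symbol" means any ASCII punctuation character or digit.
SYMBOLS = set(string.punctuation) | set(string.digits)
LENGTHS = (7, 8)  # total password length named in the post


def matches_scheme(password, words=WORDS, symbols=SYMBOLS):
    """True if password is <word><one symbol><word>, 7 or 8 characters long."""
    if len(password) not in LENGTHS:
        return False
    # Try every interior position as the separator.
    for i in range(1, len(password) - 1):
        if password[i] not in symbols:
            continue
        left, right = password[:i].lower(), password[i + 1:].lower()
        if left in words and right in words:
            return True
    return False


def scheme_keyspace(words=WORDS, n_symbols=len(SYMBOLS)):
    """Number of distinct passwords the scheme yields from this dictionary."""
    by_len = {}
    for w in words:
        by_len[len(w)] = by_len.get(len(w), 0) + 1
    total = 0
    for a, count_a in by_len.items():
        for b, count_b in by_len.items():
            if a + 1 + b in LENGTHS:  # word + separator + word
                total += count_a * n_symbols * count_b
    return total


def bits(n):
    """Search-space size expressed as bits of entropy."""
    return math.log2(n) if n > 0 else 0.0


if __name__ == "__main__":
    for pw in ("cat!tree", "dog7sun", "tree#blue", "xq9$Lm2p"):
        print(pw, "-> reject" if matches_scheme(pw) else "-> ok")
    n = scheme_keyspace()
    print("scheme candidates:", n, "(%.1f bits)" % bits(n))
    print("random 8 printable chars: %.1f bits" % bits(95 ** 8))
```

Swapping in a full dictionary shows how far the scheme's search space falls below that of eight random printable characters, which is the comparison the quoted replies are making.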