Xref: utzoo alt.security:765 comp.protocols.tcp-ip:11576 alt.sys.sun:952
Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!rpi!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!aplcen!haven!adm!cmcl2!stealth.acf.nyu.edu!brnstnd
From: brnstnd@stealth.acf.nyu.edu
Newsgroups: alt.security,comp.protocols.tcp-ip,alt.sys.sun
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID: <18899:Jun616:32:4490@stealth.acf.nyu.edu>
Date: 6 Jun 90 16:32:44 GMT
References: <1990Apr20.192233.4092@utzoo.uucp> <6721@blake.acs.washington.edu> <BT+2NO5xds13@ficc.uu.net> <PMY$TW?@b-tech.uucp>
Reply-To: brnstnd@stealth.acf.nyu.edu (Dan Bernstein)
Distribution: usa
Organization: IR
Lines: 11

In article <PMY$TW?@b-tech.uucp> zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff) writes:
> All this emphasis on turning off tftp and waiting for shadow password 
> files may be clouding the simpler and more effective solution.  Force 
> users to pick good passwords!  Something with some non-alpha 
> characters and mixed case (not the first letter capital).  

Oh, wonderful. Changing 3 bits of information per character to 3.2 bits
per character will slow down the average ``crack'' from fifteen million
encryptions to forty million encryptions. Big deal.

---Dan