Xref: utzoo alt.security:797 comp.protocols.tcp-ip:11625 alt.sys.sun:966
Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uunet!samsung!usc!apple!mrspoc!mrspoc!kayvan
From: kayvan@mrspoc.Transact.COM (Kayvan Sylvan)
Newsgroups: alt.security,comp.protocols.tcp-ip,alt.sys.sun
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID:
Date: 7 Jun 90 21:06:10 GMT
References: <1990Apr20.192233.4092@utzoo.uucp> <6721@blake.acs.washington.edu> <1990Jun3.152118.4758@cunixf.cc.columbia.edu> <19105:Jun616:44:3190@stealth.acf.nyu.edu>
Sender: kayvan@mrspoc.Transact.COM (Kayvan Sylvan)
Distribution: usa
Organization: Transact Software, Inc., Los Altos, CA
Lines: 21
In-Reply-To: brnstnd@stealth.acf.nyu.edu's message of 6 Jun 90 16:44:31 GMT

>>>>> "brnstnd" == brnstnd writes:

brnstnd> What's the solution? Mix 'n' match. A password has, say, two
brnstnd> parts: one chosen by the user and neither expired nor
brnstnd> restricted, one generated randomly by the system and changed
brnstnd> periodically (some sizable fraction of a year). The first
brnstnd> part is NEVER written down; users are told that if they write
brnstnd> down the first part, they'll be drawn and quartered. The
brnstnd> second part is almost certainly written down, typically on a
brnstnd> piece of paper in the user's desk; users are explicitly told
brnstnd> that this is okay.

Hmmm... Interesting. If the paper on which the second part is written
down is kept locked up (or otherwise is inaccessible to random
snooping), then it just might work.

			---Kayvan
--
| Kayvan Sylvan @ Transact Software, Inc. -*- Los Altos, CA (415) 961-6112 |
| Internet: kayvan@{mrspoc.Transact.com, eris.berkeley.edu, largo.ig.com} |
| UUCP: ...!{apple,pyramid,bionet,mips}!mrspoc!kayvan "Imagine Cute Saying" |