Newsgroups: comp.archives
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!ox.com!msen.com!emv
From: bdh@uchicago (Brian D. Howard)
Subject: [alt.security] Re: Hacking
Message-ID: <1991Apr5.073410.23806@ox.com>
Followup-To: alt.security
Sender: emv@msen.com (Edward Vielmetti, MSEN)
Reply-To: bdh@uchicago (Brian D. Howard)
Organization: University of Chicago
References: <1991Mar27.094325.24599@en.ecn.purdue.edu>> <1991Mar28.154647.24831@cunixf.cc.columbia.edu>
Date: Fri, 5 Apr 1991 07:34:10 GMT
Approved: emv@msen.com (Edward Vielmetti, MSEN)
X-Original-Newsgroups: alt.security

Archive-name: security/password/emx-npasswd/1991-04-01
Archive-directory: emx.utexas.edu:/pub/npasswd/ [128.83.1.33]
Original-posting-by: bdh@uchicago (Brian D. Howard)
Original-subject: Re: Hacking
Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)

fuat@cunixf.cc.columbia.edu (Fuat C. Baran) writes:

>"An ounce of prevention is worth a pound of cure." If you really want
>to enforce a policy of "reasonable" passwords (e.g. not in a
>dictionary, not personal name, variation of username, etc.) the place
>to do it would be in /bin/passwd when the user is setting the
>password. At that time you have the plaintext password and you can do
>whatever checks you want and give users instant feedback on their
>choice of password. No need to crack passwords after the fact. I'm
>sure you could put your CPU cycles to better use than making attempts
>to crack your users' passwords. Besides what is a practical and
>acceptable frequency for running your password cracker for it to be
>worth the effort?

ftp pub/npasswd/npasswd.tar.Z (or the shar files) from emx.utexas.edu

That should do the trick.
--
"Hire the young while they still know everything."
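
The kind of set-time check the quoted message describes (dictionary word, personal name, variation of username), as an added example that is not part of the original post and is not npasswd's code. The function names, the sample word list and the user `jdoe` are constructed for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a full system
# dictionary instead (assumption, not something the post specifies).
SAMPLE_DICTIONARY = {"password", "secret", "dragon", "chicago", "wizard"}


def _variants(word):
    """Case-folded forms of `word` a user is likely to try: itself, reversed, doubled."""
    w = word.lower()
    return {w, w[::-1], w + w} if w else set()


def _core(candidate):
    """Strip leading/trailing digits and punctuation, so 'Dragon1!' -> 'dragon'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", candidate.lower())


def check_password(candidate, username, full_name, dictionary=SAMPLE_DICTIONARY):
    """Return a list of reasons to reject `candidate`; an empty list means accept."""
    reasons = []
    lowered, core = candidate.lower(), _core(candidate)
    # Forms of the candidate compared against each blocklist.
    forms = {lowered, core, core[::-1]}

    if forms & {w.lower() for w in dictionary}:
        reasons.append("dictionary word")

    if forms & _variants(username):
        reasons.append("variation of username")

    # Personal name: each part of the GECOS-style full name, plus the parts joined.
    parts = [p for p in re.split(r"[^A-Za-z]+", full_name) if len(p) > 1]
    names = set()
    for p in parts + ["".join(parts)]:
        names |= _variants(p)
    if forms & names:
        reasons.append("personal name")

    return reasons
```

Because the check runs while the plaintext is still in hand, the reasons list can be shown to the user immediately and the password refused before it is ever hashed and stored.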