Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!decwrl!world!bzs
From: bzs@world.std.com (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: Passwords
Message-ID:
Date: 15 Apr 91 20:02:37 GMT
References: <26518@adm.brl.mil> <14248:Apr1204:14:4891@kramden.acf.nyu.edu> <1991Apr12.120209.21241@mp.cs.niu.edu> <17401:Apr1307:58:0691@kramden.acf.nyu.edu>
Sender: bzs@world.std.com (Barry Shein)
Organization: The World
Lines: 23
In-Reply-To: brnstnd@kramden.acf.nyu.edu's message of 13 Apr 91 07:58:06 GMT

Years ago I suggested on this list that vendors modify the password
algorithm so that at system installation a key could be entered which
perturbs its behavior on a per-machine basis (obviously a system admin
could choose to use the same key on every machine in an area so
password files could be shared.)

This would frustrate the possibility of someone on the outside picking
up the encryptions and working on it on another machine.

The hostname isn't a great idea because everyone knows the hostname.
I'd lean towards a key that was entered (possibly into NVRAM, tho
other schemes could be devised) when the system was installed. From
there on it would just be automatically used to encrypt tries.

Standardization is a wonderful thing, but perhaps some things just
shouldn't be so standardized.

-- 
        -Barry Shein

Software Tool & Die    | bzs@world.std.com    | uunet!world!bzs
Purveyors to the Trade | Voice: 617-739-0202  | Login: 617-739-WRLD
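A sketch of the per-machine key idea proposed in the post above, added here as an example and not part of the original message or of any vendor's password code. It substitutes HMAC-SHA256 plus PBKDF2 for the crypt(3) of the time; the function names, the iteration count and both keys are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

# Constructed sample keys. In the post's scheme the key is entered once at
# installation (for example into NVRAM) and is never stored in the password file.
SITE_KEY = b"constructed-install-key-machine-A"
OTHER_KEY = b"constructed-install-key-machine-B"


def hash_password(password: str, salt: bytes, machine_key: bytes) -> bytes:
    """Salted password hash perturbed by a per-machine secret key."""
    # Key the password with HMAC first, so the input to the slow hash
    # cannot be reproduced by anyone who lacks the machine key.
    keyed = hmac.new(machine_key, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)


def make_entry(user: str, password: str, machine_key: bytes) -> dict:
    """Build a password-file entry; only the salt and hash are stored."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt,
            "hash": hash_password(password, salt, machine_key)}


def verify(entry: dict, attempt: str, machine_key: bytes) -> bool:
    """Check a login attempt with the key held by this machine."""
    candidate = hash_password(attempt, entry["salt"], machine_key)
    return hmac.compare_digest(candidate, entry["hash"])


def demo() -> dict:
    entry = make_entry("alice", "correct horse", SITE_KEY)
    return {
        # Normal login on the machine that holds the key.
        "right_password_right_key": verify(entry, "correct horse", SITE_KEY),
        "wrong_password_right_key": verify(entry, "wrong", SITE_KEY),
        # A copy of the file checked elsewhere without the installation key:
        # even the correct password no longer verifies.
        "right_password_other_key": verify(entry, "correct horse", OTHER_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

Machines installed with the same key compute identical hashes, which is what lets an administrator share one password file across an area as the post describes.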