Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!udel!haven.umd.edu!ncifcrf!lhc!adm!news
From: poulin@polar.bowdoin.edu (Jeff Poulin)
Newsgroups: comp.unix.wizards
Subject: new password idea
Message-ID: <26616@adm.brl.mil>
Date: 22 Apr 91 00:39:32 GMT
Sender: news@adm.brl.mil
Lines: 22

I think as long as a password file is available for anyone to read, there will be some abuse. Sure, it's dumb to use a word in the dictionary as a password, but I've seen ridiculously complicated passwords here these past few days. No matter how confuscated your password may be, it still boils down to a guessing game between you and the cracker. You try to pick a combination the cracker is not likely to try, and he (or she) will try to outsmart you by choosing it.

If you're really worried about kids getting into your account (an adult who tries to pick people's passwords is considered a child in my book), then write a password program for yourself and run it from .cshrc (or whatever). That way, even if someone breaks into your account, they still have another password to crack before they have access to your files. If the second password is incorrect, your password program simply logs you out. Since the file with the password encryption resides in your account, you don't have to worry that someone is cracking your password on some PC somewhere.

Jeff

Jeff Poulin
poulin@polar.bowdoin.edu
jpoulin@bowdoin.bitnet
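
A second-password program of the kind the post describes, as an added example that is not part of the original post. The store path, the function names and the choice of salted PBKDF2 are assumptions made here; the post does not say how the second password is stored or checked.

```python
import getpass
import hashlib
import hmac
import os
import signal
import sys

STORE = os.path.expanduser("~/.second_pw")  # hypothetical location, inside the account
ITERATIONS = 200_000                         # assumed work factor

def derive(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash so the stored value is costly to guess against.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password: str, path: str = STORE) -> None:
    salt = os.urandom(16)
    # Create the store owner-only; chmod also covers a pre-existing, looser file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(salt.hex() + ":" + derive(password, salt).hex() + "\n")
    os.chmod(path, 0o600)

def verify(password: str, path: str = STORE) -> bool:
    try:
        st = os.stat(path)
        # Fail closed if anyone but the owner can read or write the store.
        if st.st_mode & 0o077 or st.st_uid != os.getuid():
            return False
        with open(path) as f:
            salt_hex, digest_hex = f.read().strip().split(":")
        expected = bytes.fromhex(digest_hex)
        return hmac.compare_digest(derive(password, bytes.fromhex(salt_hex)), expected)
    except (OSError, ValueError):
        return False  # missing or malformed store: deny

def main() -> int:
    if len(sys.argv) > 1 and sys.argv[1] == "enroll":
        enroll(getpass.getpass("New second password: "))
        return 0
    # Ignore keyboard signals so the check cannot be interrupted before it finishes.
    for sig in (signal.SIGINT, signal.SIGTSTP, signal.SIGQUIT):
        signal.signal(sig, signal.SIG_IGN)
    return 0 if verify(getpass.getpass("Second password: ")) else 1

if __name__ == "__main__":
    sys.exit(main())
```

The script only reports success or failure through its exit status; the login script that calls it has to end the session on a non-zero status.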