Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!think.com!snorkelwacker.mit.edu!ai-lab!geech.gnu.ai.mit.edu!fidelio
From: fidelio@geech.gnu.ai.mit.edu (Rob J. Nauta)
Newsgroups: comp.unix.wizards
Subject: Re: new password idea
Message-ID: <15240@life.ai.mit.edu>
Date: 24 Apr 91 16:04:51 GMT
References: <26616@adm.brl.mil>
Sender: news@ai.mit.edu
Organization: The TimeWasters
Lines: 32

In article <26616@adm.brl.mil> poulin@polar.bowdoin.edu (Jeff Poulin) writes:
->I think as long as a password file is available for anyone to read, there
->will be some abuse. Sure, it's dumb to use a word in the dictionary as a
->password, but I've seen ridiculously complicated passwords here these past
->few days. No matter how confuscated your password may be, it still boils
->down to a guessing game between you and the cracker. You try to pick a
->combination the cracker is not likely to try, and he (or she) will try to
->outsmart you by choosing it.
->
->If you're really worried about kids getting into your account (an adult who
->tries to pick people's passwords is considered a child in my book), then
->write a password program for yourself and run it from .cshrc (or
->whatever). That way, even if someone breaks into your account, they
->still have another password to crack before they have access to your
->files. If the second password is incorrect, your password program simply logs
->you out. Since the file with the password encryption resides in your account,
->you don't have to worry that someone is cracking your password on some PC
->somewhere.
->
->Jeff
->
->
->Jeff Poulin poulin@polar.bowdoin.edu jpoulin@bowdoin.bitnet

Hi

What would stop someone who has your password, and noticed the custom
program kicks him out, to ftp to your account, examine .profile or
.login, and even remove/alter them, or the password program itself?

Rob