Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!lgc.com!mips.mitek.com!convex!linac!mp.cs.niu.edu!bennett
From: bennett@mp.cs.niu.edu (Scott Bennett)
Newsgroups: comp.unix.wizards
Subject: Re: new password idea
Message-ID: <1991Apr26.215927.6146@mp.cs.niu.edu>
Date: 26 Apr 91 21:59:27 GMT
References: <14655@ulysses.att.com> <1991Apr25.154954.14372@chinet.chi.il.us> <1991Apr26.171549.10502@escom.com>
Organization: Northern Illinois University
Lines: 39

In article <1991Apr26.171549.10502@escom.com> al@escom.com (Al Donaldson) writes:
>Once when I was testing someone's operating system, I thought it
>would be interesting to find out what really happen when I exceeded
>the bad password count for root.  So I just sat there at the console
>blindly typing random junk for the root password.  After a small
>number of tries (less than 10), it made me root.
>
>  [text deleted  --SJB]
>
>Insufficient testing, wrong people working on critical code, and
>too many damn bells and whistles.  There is something to be said
>for simplicity in critical programs like login.  Specially if
>the vendor doesn't have time to test every release extensively
>and document it completely (or release the code).

     This is hard to argue with, but really doesn't address the 
issue.  The existence of broken and/or poorly designed software
doesn't have much to do with the need for security.  In other words,
having a broken ratchet on your socket wrench doesn't mean you should
try to make do with a pair of pliers.  It means you should get a
different socket wrench.
>
>Al
>


                                  Scott Bennett, Comm. ASMELG, CFIAG
                                  Systems Programming
                                  Northern Illinois University
                                  DeKalb, Illinois 60115
**********************************************************************
* Internet:       bennett@cs.niu.edu                                 *
* BITNET:         A01SJB1@NIU                                        *
*--------------------------------------------------------------------*
*  "Spent a little time on the mountain, Spent a little time on the  *
*   Hill, The things that went down you don't understand, But I      *
*   think in time you will."  Oakland, 19 Feb. 1991, first time      *
*  since 25 Sept. 1970!!!  Yippee!!!!  Wondering what's NeXT... :-)  *
**********************************************************************