Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!dali.cs.montana.edu!uakari.primate.wisc.edu!caen!ox.com!math.fu-berlin.de!unido!mikros!mwtech!martin From: martin@mwtech.UUCP (Martin Weitzel) Newsgroups: comp.unix.sysv386 Subject: Re: SCO password generator Message-ID: <1142@mwtech.UUCP> Date: 21 May 91 12:55:05 GMT References: <1991May06.144015.17086@dircon.co.uk> <1991May14.040042.15199@jpradley.jpr.com> Reply-To: martin@mwtech.UUCP (Martin Weitzel) Organization: MIKROS Systemware, Darmstadt/W-Germany Lines: 36 In article <1991May14.040042.15199@jpradley.jpr.com> jpr@jpradley.jpr.com (Jean-Pierre Radley) writes: >In article <1991May06.144015.17086@dircon.co.uk> uaa1006@dircon.co.uk (Peter Miles) writes: >>Does anyone know if it's possible to access the SCO UNIX password >>generator from outside the 'passwd' command? >> >>(The generator outputs a pronounceable, but non-real word for >>more password security.) > >Since it's part of a binary program -- /bin/passwd --, I'd say the answer is >no, unless you have a nice convenient way to disassemble /bin/passwd and >extract just that part of the code. NOTE: The following may or may not be applicable to SCO UNIX, but here is just one subtlety you should consider if you ever think about password generators: Be sure that the period of the generated passwords is really BIG. E.g. if you take the 95 printing characters and use full length passwords (8 chars), you have 95 ^ 8 == 6 634 204 312 890 625 different passwords. On the other hand, if some generator is based on random `long int's, you'll probably end up with only 2 ^ 32 == 4 294 967 296 different passwords. Of course the generator will be seeded in a user specific way but that does not change its period! The important point here is that some intruder may prepare a list of encoded vs. clear text passwords and use it to break into your system. The time to compile and the size of such a list 1.5 millions larger in the former than in the latter case!! -- Martin Weitzel, email: martin@mwtech.UUCP, voice: 49-(0)6151-6 56 83