Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!emory!athena.cs.uga.edu!mcovingt
From: mcovingt@athena.cs.uga.edu (Michael A. Covington)
Newsgroups: comp.org.eff.talk
Subject: Re: Passwords
Message-ID: <1991Jun11.221113.14213@athena.cs.uga.edu>
Date: 11 Jun 91 22:11:13 GMT
References: <14907.28501E2D@fidogate.FIDONET.ORG>
Organization: University of Georgia, Athens
Lines: 28

In article <14907.28501E2D@fidogate.FIDONET.ORG> Cyrano.De@f111.n125.z1.FIDONET.ORG (Cyrano De) writes:
>Forgive me for jumping in mid-stream, but why would a person want to keep changing passwords?  I'm not being fasicious (is that *darn* word spelled right?), just naive and paranoid (both at once!).
>

Well, I can't tell if you meant "facetious" or "fascist" but I'll
give you credit for not being either one!  :)

The main reason for changing passwords is that eventually, your password
may fall into the wrong hands without your knowing it. A common trick
is to obtain copies of /etc/passwd files from UNIX systems. The passwords
on them are encrypted, but password-guessing programs (relatively slow)
can be used to crack some of them.

I happen to know that a rather out-of-date copy of the /etc/passwd file
from one of my machines has fallen into unauthorized hands. We change
our passwords often enough that this file is now worthless, though it is
still circulating.

In the "cracker" community it is not uncommon to be given passwords that are
five years old, or so I hear.



-- 
-------------------------------------------------------
Michael A. Covington | Artificial Intelligence Programs
The University of Georgia  |  Athens, GA 30602   U.S.A.
-------------------------------------------------------