Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!sdd.hp.com!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!sei.cmu.edu!df
From: df@sei.cmu.edu (Dan Farmer)
Newsgroups: comp.org.eff.talk
Subject: Re: Should we let students run COPS to get each other's passwords?
Message-ID: <27141@as0c.sei.cmu.edu>
Date: 17 Jun 91 16:15:21 GMT
References: <1991Jun14.193545.24869@athena.cs.uga.edu> <1991Jun17.144526.16230@ddsw1.MCS.COM>
Sender: netnews@sei.cmu.edu
Lines: 17

In article <foo>, learn@ddsw1.MCS.COM (William Vajk) writes:
> Of course the entire purpose of passwords is security through secrecy.
> One that I used as a root password, 'welcom'
> Misspellings are great. Classical words and terms not found in dictionaries
> are just as good.

  Not if you don't want to get broken into.  Larger, more comprehensive
on line dictionaries are becoming easier to get access to.  *Any* word
that is found in a dictionary can be easily guessed, whether it is an
english or foreign language word/term.  I also wouldn't advise such things
as chopping off a character from the back or front of a word (thanks,
BTW, for the idea -- just added it to COPS), replacing an "o" (the letter
"oh") by a 0 ("zero"), adding a single digit, capitalizing a single word,
etc., etc., etc.  Dan Klien wrote up a nifty paper in the Summer '90
workshop, talking more about this, if you're into that kind of thing.

 -- dan