Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!emory!athena.cs.uga.edu!mcovingt
From: mcovingt@athena.cs.uga.edu (Michael A. Covington)
Newsgroups: comp.org.eff.talk
Subject: Allow students to run password guessers?  Was: Re: Student suspen...
Message-ID: <1991Jun24.041435.5423@athena.cs.uga.edu>
Date: 24 Jun 91 04:14:35 GMT
References: <8711@awdprime.UUCP> <1991Jun22.234109.25051@athena.cs.uga.edu> <1991Jun23.231749.25498@murdoch.acc.Virginia.EDU>
Organization: University of Georgia, Athens
Lines: 27

In article <1991Jun23.231749.25498@murdoch.acc.Virginia.EDU> gl8f@astsun8.astro.Virginia.EDU (Greg Lindahl) writes:
>In article <1991Jun22.234109.25051@athena.cs.uga.edu> mcovingt@athena.cs.uga.edu (Michael A. Covington) writes:
>>Good point... a sysadmin cannot investigate "intent" every time an
>>alarm goes off.
>Especially when your idea of an alarm is:
>OH MY GOD! THEY'RE RUNNING COPS!
>
>I have yet to have an alarm go off, because I've tested the security
>of my system and I'm not paranoid.

This is getting ridiculous. Our policy is that students are *not* allowed
to obtain passwords without the consent of the password owner, by any means
whatever.

I do not buy the idea that easy-to-guess passwords "deserve" to be stolen,
nor that it is legitimate to run a password guesser "to see if the system
is secure." Other tests, possibly, but not something that will give you
direct access to someone else's password.

Even the Free Software Foundation notices if you call "crypt" more than a
few times (as when running a password guesser).

-- 
-------------------------------------------------------
Michael A. Covington | Artificial Intelligence Programs
The University of Georgia  |  Athens, GA 30602   U.S.A.
-------------------------------------------------------