Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!henry
From: henry@utzoo.UUCP (Henry Spencer)
Newsgroups: net.unix-wizards
Subject: Re: Obvious password detector / eliminator
Message-ID: <3777@utzoo.UUCP>
Date: Sat, 21-Apr-84 19:43:44 EST
Article-I.D.: utzoo.3777
Posted: Sat Apr 21 19:43:44 1984
Date-Received: Sat, 21-Apr-84 19:43:44 EST
References: <199@wdl1.UUCP>
Organization: U of Toronto Zoology
Lines: 17

There is a disadvantage to this routine.  My personal guess would be
that it will exclude almost any pronounceable word, even if it's a
nonsense word.  Why is this significant?  Because pronounceable words
are much easier to remember than arbitrary sequences of gibberish.
Well, you ask, why is *this* significant?  Because if a user can't
remember his password, he will write it down, and that's just what we
don't want.

It is true that requiring a password to be pronounceable reduces its
information content, making brute-force password searching easier, but
the benefits are usually considered worth the cost.  Password holders
are human; nothing short of military discipline (*good* military
discipline) will keep them from writing down something they find hard
to remember.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,linus,decvax}!utzoo!henry