Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site ucbvax.ARPA
Path: utzoo!watmath!clyde!cbosgd!ulysses!ucbvax!info-vax
From: info-vax@ucbvax.ARPA
Newsgroups: fa.info-vax
Subject: Re: SYSTEM login
Message-ID: <5076@ucbvax.ARPA>
Date: Mon, 25-Feb-85 15:32:56 EST
Article-I.D.: ucbvax.5076
Posted: Mon Feb 25 15:32:56 1985
Date-Received: Wed, 27-Feb-85 06:58:03 EST
Sender: daemon@ucbvax.ARPA
Organization: University of California at Berkeley
Lines: 44

From: Jerry Leichter

DISUSER is more effective because if the user manages to stumble on to the correct password, he still can't get on. If an 8-character randomly chosen password is used, there is about as much chance of the user "stumbling upon it" as there is that random errors in memory will suddenly create a process running in the system account running on the user's terminal. (Well, maybe that's an exaggeration; but if you sat down and computed it, I'd bet that the chances of a memory error, not detectable by the ECC logic, which turns on bits in the user's privilege mask is in the same ballpark of probability as of guessing a random password.)

If by "stumble upon" you mean that the user may see someone using it, there is a simple solution: Let one person construct the random password, put it in, never use it, never write it down, never tell anyone else what it was.

When I say a "random password", I mean really random - not someone's name or an English word or anything like that. Start any reasonable pseudo-random number generator from the exact time of day, run for a thousand steps, then use it to select characters; that's as close to random as you need. (Use a pseudo-random number generator with a very long period. See Knuth for tons of examples.)

The reason for saying "8 characters" is that the VMS password encryption algorithm folds longer passwords down to 8 bytes anyway. (Actually, to be exact, the result of the fold may not be equivalent to any actual 8-byte password, since there are a lot of bytes that can't be part of a password as typed. So use 16 bytes if you want.)

Really, this is silly. Despite all the movies and TV shows that have people with micros "trying all the passwords", systems simply cannot be broken into this way. Passwords can be guessed if they are chosen poorly - from too small a set of possibilities (English words, names, output of a random number generator with a small period). They can be compromised by a variety of means, ranging from watching people as they type, to tapping phone lines, to bribery.

-- Jerry
-------
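An added example, not part of Jerry's post, that makes the "too small a set of possibilities" argument concrete: it draws an 8-character password uniformly from a CSPRNG (Python's `secrets`, a modern stand-in for the time-seeded long-period generator the post describes) and compares the resulting search space with a password picked from a list of names and English words. The typeable alphabet, the word-list size and the guess rate are assumptions made for the example.

```python
import math
import secrets
import string

# Characters assumed typeable in a VMS-style password (assumption for this
# example: upper-case letters, digits, '$' and '_'); the post notes that not
# every byte can appear in a typed password, which is what bounds the set size.
ALPHABET = string.ascii_uppercase + string.digits + "$_"


def random_password(length: int = 8, alphabet: str = ALPHABET) -> str:
    """Choose each character independently and uniformly with a CSPRNG.
    `secrets` stands in for the post's time-seeded long-period generator."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def search_space_bits(set_size: int, length: int = 1) -> float:
    """Bits of entropy in `length` independent uniform picks from `set_size` symbols."""
    return length * math.log2(set_size)


def expected_guesses(bits: float) -> float:
    """Mean number of guesses needed against a uniformly chosen secret."""
    return 2.0 ** bits / 2


def years_to_guess(bits: float, guesses_per_second: float) -> float:
    """Wall-clock years for the expected guess count at a given guess rate."""
    return expected_guesses(bits) / guesses_per_second / (365 * 24 * 3600)


# Constructed comparison: a password drawn from a word list versus 8 random
# characters.  The dictionary size and guess rate are assumptions.
WORD_LIST_SIZE = 25_000          # names plus common English words
GUESS_RATE = 1_000               # guesses per second at the login prompt


def compare_choices() -> dict:
    word_bits = search_space_bits(WORD_LIST_SIZE)
    rand_bits = search_space_bits(len(ALPHABET), 8)
    return {
        "word_bits": word_bits,
        "word_years": years_to_guess(word_bits, GUESS_RATE),
        "random_bits": rand_bits,
        "random_years": years_to_guess(rand_bits, GUESS_RATE),
    }


if __name__ == "__main__":
    print("sample password:", random_password())
    for key, value in compare_choices().items():
        print(f"{key:>12}: {value:,.2f}")
```

With the assumed numbers the word-list password falls to an expected few seconds of guessing while the 8-character random one takes decades, which is the gap between "chosen poorly" and "really random" that the post is drawing.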