Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: Notesfiles $Revision: 1.6.2.16 $; site haddock.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!gamma!epsilon!zeta!sabre!petrus!bellcore!decvax!cca!haddock!trb
From: trb@haddock.UUCP
Newsgroups: net.crypt
Subject: foiling password crackers
Message-ID: <100900001@haddock.UUCP>
Date: Wed, 5-Feb-86 17:39:00 EST
Article-I.D.: haddock.100900001
Posted: Wed Feb  5 17:39:00 1986
Date-Received: Fri, 7-Feb-86 21:58:59 EST
Lines: 15
Nf-ID: #N:haddock:100900001:000:760
Nf-From: haddock!trb    Feb  5 17:39:00 1986


This would be better in a security newsgroup, but there isn't one, so
this will have to do.

We have all heard of losers who try to break into systems by calling
up, and trying to log in by exhaustively trying groups of possible
passwords.  Some login programs hang up the phone after a number of
attempts.  A simple refinement which I've never heard mentioned would
be to have the login program simply disable the ability to log in
successfully after a number of attempts, without notifying the user.
This would let the unsuspecting loser keep trying to log into your
system while you had plenty of time to trace his phone line without
your having to worry about his gaining entry to your system.

	Andrew Tannenbaum   Interactive   Boston, MA   617-247-1155