Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!lll-lcc!mordor!styx!ames!ucbcad!ucbvax!MITRE.ARPA!mckee
From: mckee@MITRE.ARPA (H. Craig McKee)
Newsgroups: mod.protocols.tcp-ip
Subject: Re: secure replacements for passwords
Message-ID: <8701121504.AA09516@mitre.ARPA>
Date: Mon, 12-Jan-87 11:18:44 EST
Article-I.D.: mitre.8701121504.AA09516
Posted: Mon Jan 12 11:18:44 1987
Date-Received: Mon, 12-Jan-87 22:37:02 EST
References: <8701110003.AA06976@topaz.rutgers.edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The MITRE Corp., Washington, D.C.
Lines: 18
Approved: tcp-ip@sri-nic.arpa

Charles Hedrick

I suggest you review DoD Password Management Guideline (CSC-STD-002-85),
12 April 85. The Guideline was developed by the Computer Security Center,
Ft. Meade, Maryland 20755. The point of contact is the Office of Standards
and Products, Attn: Chief, Computer Security Standards. (If you like I'll
make a copy and mail it to you.)

The Guideline offers many recommendations, two of which follow. The
password should be a three-word phrase, because it is easier to remember,
rather than a random string of characters. The words are drawn randomly
from a dictionary of at least 2000 words. The passwords should be
encrypted; thus, the clear text form of the password exists only in the
mind of the user, and very briefly in the memory of the host.

Regards - Craig
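
Added example, not part of the original post or of the Guideline: a sketch of the two recommendations quoted above, drawing three words at random from a dictionary of at least 2000 words and keeping only a protected form of the result on the host. Assumptions: the syllable-built word list is a constructed stand-in for a real dictionary, salted PBKDF2-HMAC-SHA256 is swapped in for the "encrypted" storage the post mentions, and all function names and the iteration count are hypothetical.

```python
import hashlib
import hmac
import math
import secrets

MIN_DICT_SIZE = 2000   # dictionary size the post quotes from the Guideline
ITERATIONS = 200_000   # assumption: illustrative PBKDF2 work factor


def build_wordlist():
    """Constructed stand-in dictionary: 45 syllables -> 2025 two-syllable words."""
    syllables = [c + v for c in "bdfgkmnpr" for v in "aeiou"]
    return [a + b for a in syllables for b in syllables]


def generate_passphrase(words, count=3):
    """Draw `count` words uniformly at random using the OS CSPRNG."""
    if len(set(words)) < MIN_DICT_SIZE:
        raise ValueError("dictionary must hold at least 2000 distinct words")
    return " ".join(secrets.choice(words) for _ in range(count))


def entropy_bits(dict_size, count=3):
    """Bits of entropy when every word is an independent uniform draw."""
    return count * math.log2(dict_size)


def protect(passphrase):
    """Return (salt, digest); the clear text is not kept on the host."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    return salt, digest


def verify(candidate, record):
    """Recompute the digest for a login attempt and compare in constant time."""
    salt, digest = record
    trial = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(trial, digest)


if __name__ == "__main__":
    words = build_wordlist()
    phrase = generate_passphrase(words)
    record = protect(phrase)
    print(phrase, f"{entropy_bits(len(words)):.1f} bits", verify(phrase, record))
```

With exactly 2000 words and three draws the search space is 2000^3 = 8 x 10^9 phrases, about 32.9 bits, which is the figure `entropy_bits(2000)` returns.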