Path: utzoo!utgpu!water!watmath!clyde!rutgers!mailrus!umix!husc6!cca!bobcoe From: bobcoe@cca.CCA.COM (Robert K. Coe) Newsgroups: sci.crypt Subject: Re: Unix Password Hacker Message-ID: <24582@cca.CCA.COM> Date: 16 Feb 88 17:07:26 GMT References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM> Reply-To: bobcoe@CCA.CCA.COM.UUCP (Robert K. Coe) Distribution: na Organization: Computer Corp. of America, Cambridge, MA Lines: 29 In article <657@morningdew.BBN.COM> dkovar@BBN.COM (David Kovar) writes: # I am not certain that posting this was the most intelligent idea you've #ever had. I can forsee a lot of CPU cycles getting burned at colleges #around the nation, a fair number of broken passwords, and a little bit #of hassle at each site as one or two anti-social types decide to do #something with their new found passwords. # ... # I'm not advocating that we all bury our head in the sands and ignore #such issues. Discussing them in the open increases the general awareness #of the problem, something that is badly needed, I'll admit. Distributing #the code, though, will annoy some system administrators and really is #not overly polite. # # This is not a religious issue for me and I could probably argue both #sides of the issue. I think the other side is that the antisocial types won't have a lot of trouble getting their hands on the code in any case, and it only takes a few of them to wreak havoc. The advantage of distributing the code is that it may shock some users and system managers into defensive action; this cracking method depends, after all, on the presence of stupidly chosen passwords. At our (UNIX) site we have taken the obvious precaution of tuning the password mechanism to forbid passwords that can be found in the commonly available on-line dictionaries. All sites should, at a minimum, do likewise. Forthwith. -- *> Robert K. Coe | bobcoe@cca.cca.com <* *> Computer Corp. of America | [...!]{decvax,linus,mirror}!cca!bobcoe <* *> 4 Cambridge Center | 617-492-8860, ext. 428 <* *> Cambridge, Mass. 02142 | "Everyone should adopt a homeless dog." <*