Path: utzoo!utgpu!water!watmath!clyde!rutgers!cmcl2!brl-adm!adm!preece%fang@gswd-vms.gould.com From: preece%fang@gswd-vms.gould.com (Scott E. Preece) Newsgroups: comp.unix.wizards Subject: Re: 60-second timeout in Unix login Message-ID: <11887@brl-adm.ARPA> Date: 18 Feb 88 14:33:41 GMT Sender: news@brl-adm.ARPA Lines: 28 From: "j.r.lupien" > > Actually at BRL, it remembers all past passwords that everyone used and > > won't ever let you reuse them (or use the "passwd" program to set too > > accounts to the same password). > > Oh really? This means that if you get a reject, and you know it isn't > one of your previous passwords, it >MUST< be someone else's! Then > you just try each login on the system until you hit the one who's > password you have just "guessed". This seems rather bogus. > The passwd program should not give out ANY information > about other users' passwords, even to the extent of > "you have just used a word nobody else is using". ---------- I think you're misinterpreting the quote. I don't think they meant you could never use a password that ANYONE had every used, only that you couldn't use one that YOU had used before. The language is ambiguous -- either interpretation could be right, but since the "never use a password that anyone had ever used" interpretation would require storing the passwords in clear (or something not salted by user), I suspect the "never reuse one of your old passwords" interpretation is what was meant. -- scott preece gould/csd - urbana uucp: ihnp4!uiucdcs!ccvaxa!preece arpa: preece@Gould.com