Path: utzoo!utgpu!water!watmath!clyde!att-cb!ihnp4!alberta!edson!tic!ruiu
From: ruiu@tic.UUCP (Dragos Ruiu)
Newsgroups: comp.unix.wizards
Subject: Re: 60-second timeout in Unix login
Summary: Security Hole ?
Message-ID: <176@tic.UUCP>
Date: 19 Feb 88 02:29:04 GMT
References: <10578@brl-adm.ARPA> <721X@jimi.cs.unlv.edu> <465@xios.XIOS.UUCP> <18083@topaz.rutgers.edu>
Organization: U of A, E.E., Edmonton,Canada
Lines: 20

In article <18083@topaz.rutgers.edu>, ron@topaz.rutgers.edu (Ron Natalie) writes:
> Actually at BRL, it remembers all past passwords that everyone used and
> won't ever let you reuse them (or use the "passwd" program to set too
> accounts to the same password).
> 
> -Ron

 Assuming 'two' for 'too'.
 Isn't this rather a large security hole if someone stumbles across another
 password. He will then know that there is an account with that password,
 and a breach would be short work.
 
 Comments ?


-- 
Dragos Ruiu           UUCP:<backbone>!alberta!edson!tic!dragos!work
     Hey, remember the one who pretended to be a super-villain to get beaten ?
     Whatever happened to him ?
     He pulled it on Rorshach and Rorshach dropped him down an elevator shaft.