Path: utzoo!mnetor!uunet!husc6!mit-eddie!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.wizards
Subject: Re: 60-second timeout in Unix login
Message-ID: <468@minya.UUCP>
Date: 15 Feb 88 15:05:41 GMT
References: <10578@brl-adm.ARPA> <721X@jimi.cs.unlv.edu> <465@xios.XIOS.UUCP>
Organization: home
Lines: 24

In article <465@xios.XIOS.UUCP>, greg@xios.XIOS.UUCP (Greg Franks) writes:
> In article <721X@jimi.cs.unlv.edu> robert@jimi.cs.unlv.edu (Robert Cray) writes:
> >...I hear that in the next (4.7?) version of vms, it will
> >remember the last 6 passwords so that a->b->a (which is what I always do)
> >will be more painful.  
> 
> Do what everyone else does - change your password at the beginning of
> the month to the name of the month :-).
> 
Nah, I just change it to what it was before.  That's much easier to remember,
and since Unix encrypts it differently each time, the administrators have
no way of knowing that I'm doing it.

If VMS can actually determine that you have used the same password, then it
is either keeping your unencrypted password somewhere, or it encrypts it the
same each time.  Either is a major security hole, of course, and you should
refuse to use the system (on security grounds) until they correct the problem.

(Actually, there is a third possibility, that it is unencrypting the encrypted
passwords for comparison, but not even VMS hackers would do that routinely! :-)
[[I sure hope that's a joke! ;-]]

-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)