Path: utzoo!utgpu!water!watmath!clyde!burl!codas!killer!jfh
From: jfh@killer.UUCP (John Haugh)
Newsgroups: comp.unix.wizards
Subject: Re: Remembering old passwords
Summary: Any information provided is a tip off.
Message-ID: <3432@killer.UUCP>
Date: 20 Feb 88 18:16:56 GMT
References: <10578@brl-adm.ARPA> <721X@jimi.cs.unlv.edu> <465@xios.XIOS.UUCP> <18083@topaz.rutgers.edu> <2178@ttrdc.UUCP> <9091@ism780c.UUCP>
Sender: 0000-Admin(0000)
Reply-To: jfh@killer.UUCP (The Beach Bum)
Organization: Big "D" Home for Wayward Hackers
Lines: 20

One thing I learned about cryptanalysis, any information you 
provide to a potential villian is too much.  The security of
letting people know you use DES is that DES is supposed to
be hard to break.  However, providing a tip-off that someone
_may_ be using a certain password provides with it the information
that potential villian should try that password on all current
users, and if someone _is_ using that password, then the
security of the system has been compromised.  So, regardless
of how difficult DES is to break, telling the bad guys that
you wouldn't let two people use the same password, either now
or ever is a Bad Thing.

Think about it.

- John.
-- 
John F. Haugh II                  SNAIL:  HECI Exploration Co. Inc.
UUCP: ...!ihnp4!killer!jfh                11910 Greenville Ave, Suite 600
"You can't threaten us, we're             Dallas, TX. 75243
  the Oil Company!"                       (214) 231-0993 Ext 260