Path: utzoo!mnetor!uunet!mcvax!ukc!its63b!aiva!richard
From: richard@aiva.ed.ac.uk (Richard Tobin)
Newsgroups: comp.unix.wizards
Subject: Re: 60-second timeout in Unix login
Message-ID: <259@aiva.ed.ac.uk>
Date: 21 Feb 88 18:17:52 GMT
References: <10578@brl-adm.ARPA> <721X@jimi.cs.unlv.edu> <465@xios.XIOS.UUCP> <18083@topaz.rutgers.edu> <7267@brl-smoke.ARPA>
Reply-To: richard@uk.ac.ed.aiva (Richard Tobin)
Organization: Bannerman's Bar, Cowgate, Edinburgh
Lines: 22

In article <7267@brl-smoke.ARPA> gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>In article <18083@topaz.rutgers.edu> ron@topaz.rutgers.edu (Ron Natalie) writes:
>>Actually at BRL, it remembers all past passwords that everyone used and
>>won't ever let you reuse them (or use the "passwd" program to set too
>>accounts to the same password).
>
>Huh?  How could it do this when the passwords are never stored in the
>clear?

The same way it checks you've typed the correct one when you log in, I
should think.

Of course, comparing two encrypted passwords for equality is trickier,
as the "salt" may be different.  BTW, does knowing two different
encryptions of a password (ie encrypted with different salts) make
decrypting easier?

-- Richard
-- 
Richard Tobin,                         JANET: R.Tobin@uk.ac.ed             
AI Applications Institute,             ARPA:  R.Tobin%uk.ac.ed@nss.cs.ucl.ac.uk
Edinburgh University.                  UUCP:  ...!ukc!ed.ac.uk!R.Tobin