Path: utzoo!mnetor!uunet!mcvax!ukc!its63b!aiva!richard
From: richard@aiva.ed.ac.uk (Richard Tobin)
Newsgroups: comp.unix.wizards
Subject: Re: 60-second timeout in Unix login
Message-ID: <260@aiva.ed.ac.uk>
Date: 21 Feb 88 18:30:42 GMT
References: <10578@brl-adm.ARPA> <721X@jimi.cs.unlv.edu> <465@xios.XIOS.UUCP> <18083@topaz.rutgers.edu> <470@anuck.UUCP>
Reply-To: richard@uk.ac.ed.aiva (Richard Tobin)
Organization: Bannerman's Bar, Cowgate, Edinburgh
Lines: 22

In article <470@anuck.UUCP> jrl@anuck.UUCP (j.r.lupien) writes:
>In article <18083@topaz.rutgers.edu>, ron@topaz.rutgers.edu (Ron Natalie) writes:
>> Actually at BRL, it remembers all past passwords that everyone used and
>> won't ever let you reuse them (or use the "passwd" program to set two
>> accounts to the same password).
>
>Oh really? This means that if you get a reject, and you know it isn't
>one of your previous passwords, it >MUST< be someone else's!

Yes, but you can do this anyway. Just try logging in as each person in
turn. Or more likely, write a program that tries the word for each person.

The whole point of a good encryption algorithm is to make this sort of
thing hard by making it slow. (That didn't stop them using register
variables in crypt(3), however. I guess it's hard to overcome such
habits...)

-- Richard
--
Richard Tobin,                    JANET: R.Tobin@uk.ac.ed
AI Applications Institute,        ARPA:  R.Tobin%uk.ac.ed@nss.cs.ucl.ac.uk
Edinburgh University.             UUCP:  ...!ukc!ed.ac.uk!R.Tobin
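The reject-as-oracle point raised in this thread, as an added example that is not part of the original post or of any BRL code: a site-wide reuse check is shown beside a per-user history kept as salted, deliberately slow hashes. The class names, the PBKDF2 work factor and the sample word are assumptions made for illustration; how BRL actually stored its history is not stated in the thread.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor: each guess costs this many HMAC rounds

def slow_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class SiteWideHistory:
    """Constructed model of the policy in the thread: no password may ever be
    reused by anyone. The lookup crosses accounts, so a rejection is an answer."""
    def __init__(self):
        self.seen = set()
    def set_password(self, user: str, password: str) -> bool:
        digest = hashlib.sha256(password.encode()).digest()
        if digest in self.seen:
            return False  # tells the caller some account has used this word
        self.seen.add(digest)
        return True

class PerUserHistory:
    """Reuse check limited to the caller's own salted, slow-hashed history."""
    def __init__(self):
        self.history = {}  # user -> [(salt, hash), ...]
    def set_password(self, user: str, password: str) -> bool:
        for salt, stored in self.history.get(user, []):
            if hmac.compare_digest(slow_hash(password, salt), stored):
                return False  # only reveals the caller's own past choice
        salt = os.urandom(16)
        self.history.setdefault(user, []).append((salt, slow_hash(password, salt)))
        return True

def demo() -> dict:
    site, own = SiteWideHistory(), PerUserHistory()
    word = "constructed-sample-word"  # constructed sample input
    return {
        "site_first": site.set_password("alice", word),
        "site_other_user": site.set_password("bob", word),   # False: cross-user leak
        "own_first": own.set_password("alice", word),
        "own_other_user": own.set_password("bob", word),     # True: nothing learned
        "own_same_user": own.set_password("alice", word),    # False: own history only
    }

if __name__ == "__main__":
    print(demo())
```

With the per-user design, a rejection depends only on the caller's own history, and the per-account salt plus the iteration count means every candidate word has to be hashed separately, and slowly, for each account.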