Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!hao!oddjob!gargoyle!ihnp4!homxb!homxc!bem
From: bem@homxc.UUCP (B.MCNAIR)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <1368@homxc.UUCP>
Date: 18 Feb 88 14:14:18 GMT
References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM>
Distribution: na
Organization: AT&T Bell Laboratories, Holmdel
Lines: 24
Summary: alternate view

In article <657@morningdew.BBN.COM>, dkovar@lf-server-2.BBN.COM (David Kovar) writes:
>
> I am not certain that posting this was the most intelligent idea you've
> ever had. I can foresee a lot of CPU cycles getting burned at colleges
> around the nation, a fair number of broken passwords, and a little bit
> of hassle at each site as one or two anti-social types decide to do
> something with their new found passwords.
>
> Handing a loaded gun to someone is usually not done, particularly if
> they are going to turn it on you or someone around you.
>.
>.
>.
>
> -David Kovar
> DKovar@BBN.COM

On the other hand, I think an illustration of the apparent simplicity
of this attack should serve to demonstrate to EVERYONE the need to use
nontrivial, nonobvious passwords. This attack fails if the passwords
are not found in the dictionary or trivial modifications of the dictionary.

Bruce McNair
Bell Labs
Holmdel, NJ
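
The defensive side of the point made in the reply above, as an added example that is not part of the original post: a check run when a password is set that rejects candidates reducing to a dictionary word under trivial modifications. The wordlist, the substitution table and the set of modifications treated as "trivial" (case, affixed digits or punctuation, character substitution, reversal, doubling) are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real deployment would load a
# full dictionary plus site-specific terms such as user and host names.
SAMPLE_WORDS = {"password", "wizard", "dragon", "secret", "holmdel"}

# Character substitutions undone before lookup (assumed set, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def trivial_variants(password):
    """Return the strings a password reduces to under simple edits."""
    lowered = password.lower()
    # Drop leading/trailing digits and punctuation ("Wizard1", "!secret99").
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = set()
    for base in (lowered, stripped):
        for form in (base, base.translate(LEET)):
            forms.add(form)
            forms.add(form[::-1])              # reversed word
            half = len(form) // 2
            if form and len(form) % 2 == 0 and form[:half] == form[half:]:
                forms.add(form[:half])         # doubled word
    forms.discard("")
    return forms


def check_password(password, words=SAMPLE_WORDS):
    """Return (accepted, reason) for a proposed password."""
    if not password:
        return False, "empty password"
    hits = trivial_variants(password) & words
    if hits:
        return False, "derived from dictionary word: " + sorted(hits)[0]
    return True, "no dictionary root found"


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ("Wizard1", "p@ssw0rd", "nogard", "secretsecret", "xq7#Lm2vT"):
        print(candidate, check_password(candidate))
```

Acceptance here means only that none of the listed modifications maps the candidate to a word in the list; it says nothing about strength against other guessing strategies.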