Path: utzoo!mnetor!uunet!husc6!bu-cs!madd
From: madd@bu-cs.BU.EDU (Jim Frost)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <20073@bu-cs.BU.EDU>
Date: 21 Feb 88 18:28:30 GMT
References: <731@ddsw1.UUCP> <203@tijc02.UUCP> <2861@pitt.UUCP>
Reply-To: madd@bu-it.bu.edu (Jim Frost)
Followup-To: sci.crypt
Distribution: na
Organization: Boston University Distributed Systems Group
Lines: 11

In article <2861@pitt.UUCP> jonathan@vax.cs.pittsburgh.edu.UUCP (Jonathan Eunice) writes:
>Distributed on a couple of Sun workstations, it [UNIX password
>cracker] managed to crank out a few users' passwords, including that
>of root (!), in a few hours.

I would suggest that having the root password be a simple english word
is not good practice.  A phrase or jumble of digits is much better and
cannot be broken in this manner.

jim frost
madd@bu-it.bu.edu