Path: utzoo!mnetor!uunet!unisoft!bks
From: bks@unisoft.UUCP (Brian K. Shiratsuki)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <861@unisoft.UUCP>
Date: 27 Feb 88 18:49:45 GMT
References: <731@ddsw1.UUCP> <203@tijc02.UUCP>
Reply-To: bks@unisoft.UUCP (Brian K. Shiratsuki)
Distribution: na
Lines: 15

In article <203@tijc02.UUCP> pjs269@tijc02.UUCP (Paul Schmidt        ) writes:
>Our company has had the policy of assigning passwords and making them
>unchangeable to the employees...
>But there may be a danger still...
>On a system that has a large number of users there may be a good possibility
>that more than one user has the same salt!...

an additional hazard is that random, assigned and unchangeable passwords 
with random characters in them are harder to remember, so users would be
much more likely to write them down.  it seems to me that making the passwd
program less lenient as to what it will eventually accept as a password
is a better idea than denying use of the program.
-- 

				brian