Path: utzoo!attcan!uunet!husc6!bu-cs!kwe
From: kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England))
Newsgroups: comp.protocols.tcp-ip
Subject: Re: passwords
Message-ID: <26010@bu-cs.BU.EDU>
Date: 14 Nov 88 23:13:36 GMT
References: <8811090956.AA07706@LANAI.MCL.UNISYS.COM>
Reply-To: kwe@bu-it.bu.edu (Kent England)
Followup-To: comp.protocols.tcp-ip
Organization: Boston Univ. Information Tech. Dept.
Lines: 32

In article <8811090956.AA07706@LANAI.MCL.UNISYS.COM>
 perry@MCL.UNISYS.COM (Dennis Perry) writes:
>
>At Los Alamos, and here at Unisys, a program is available to generate
>pronouncable passwords, but composed at random.  These password programs
>can be made to run inplace of the option of inputting your own.  Each
>time you type the 'passwd' command, the system gives you a new one.  If you
>don't like it, you can get another until you find one you lik  These
>passwords are 8 characters long and difficult to guess, if not impossible,
>
>dennis

	Nice idea.  Can you get this into Berkeley and Sun?  :-)

	When I was at InterOp I stopped by the Sytek booth to look at
their telnet server.  I was not impressed, except by a neat little
gizmo they had for their terminal server administrators.  It looked
like a calculator.  To use it you enter a PIN, like at your favorite
ATM machine.  Then when you log onto a secure port to administer your
Sytek terminal server, the login program gives you a sequence of
numbers.  You enter the numbers into the little gizmo and it gives you
a bunch of numbers back.  You enter these into the login program and
you are in.  Anyone catching this sequence over the net cannot
duplicate it, they don't have the little calculator gizmo and your
PIN.
	There must be a name for this kind of security system.  Anyone
know?
	Is this kind of system available elsewhere?  How secure is
this concept?  I thought it sounded like it might be useful for system
administrators.

	Kent England, Boston University