Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!pasteur!ucbvax!GATEWAY.MITRE.ORG!hal
From: hal@GATEWAY.MITRE.ORG (Hal Feinstein)
Newsgroups: comp.protocols.tcp-ip
Subject: passwords
Message-ID: <8811181442.AA24438@gateway.mitre.org>
Date: 18 Nov 88 14:42:38 GMT
Sender: usenet@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 17

Before anyone falls too deeply in love with pronounceable passwords and
rushes off to install it, maybe you should take a look at some others who've
used it. I put pronounceable passwords into a network authentication server
about three years ago which had lots of office-type workers, not computer
people. My goal: add some kind of psychological memory jog to help people
remember them. Random strings no one remembers and most people write 'em
down. Fine! We'll do pronounceable passwords. I based it on the algorithm
used by Multics. They hated it and wrote 'em down. Now, years later I am a
user of a Multics system with pronounceable passwords, and I hate it! Yes,
I've been tempted to write 'em down.

A better system is pass phrases which uses DES and a standard feedback
chaining technique to develop a 64-bit result from a variable length phrase.
A lot of password generation schemes beat the dictionary attack, such as a
few small words glued together with a number or other symbol. They are easier
to remember than 8 characters of bizarre text.