Path: utzoo!attcan!uunet!husc6!uwvax!rutgers!mailrus!ncar!ames!pasteur!ucbvax!MCL.UNISYS.COM!perry From: perry@MCL.UNISYS.COM (Dennis Perry) Newsgroups: comp.protocols.tcp-ip Subject: passwords Message-ID: <8811171741.AA05815@LANAI.MCL.UNISYS.COM> Date: 17 Nov 88 17:41:48 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 46 Henry, you point out several interesting points that are not too difficult to solve. The latter one about writing down passwords is relatively easy. The passwords are pronouncable and easily remembered. Now, you may argur that since you did not think it up, it is too hard, but in practice, this is not a problem. The first potential problem is the log on name. Los Alamos does not use 'names', but user numbers, which are assigned to employees and people authorized for accounts on the system. If you know something about Los Alamos or people who work there you know a little about the system, an outside hacker most likely would not. In fact, we have watched many hackers (all login attempts are logged) try all kinds of names, but none with the right 'type' of number. One of the things I did not say in my previous message (I was not trying to give a definitive statement about how Los Alamos does things, since I am no longer employed there) is that the first thing a user has to get right is is login name. This can be done many times, but since attempts are logged, it soon becomes apparent that someone is trying to get in. When I left we were thinking about makeing the loging of login attempts a real-time system which would alert the operations desk which could then take action to shut down the port under attack. So, a user would not normally be denied service except for the case where his name was known to the hacker, or he guessed a valid user number at random. In addition, if a hacker were to get in, he still must get passed the account checking, i.e. does he have an account with money in the bank, and then he must logon to the machine itself, for which he may or may not be authorized. Again, there are lots of things we can NOT do, but that doesn't help much. Reasonable passwords are a good investment in system management. Password aging is a good investment in system managment. To remove these responsibilites from humans and entrust them to machines would make it even better, since now we only have to worry about losing a 'smart' card, and that can be reported and logged in the system. In addition to a smart card, some of the type of things I was looking at at DARPA was to usa biological information to verify that the person useing the equipment was authorized. Retina scans from 3-4 feet now seem doable and would be non intrusive. So, the general ideas of useing something one know, something one has (object), and something one is (bio) would make a fairly tight system. (please spare me the objections of plucking out someone's eyes to defeat the system, dead eye don't focus and retina scans pick that up too!) dennis