Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!elroy!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: news.sysadmin
Subject: Re: Password support
Message-ID: <3543@jpl-devvax.JPL.NASA.GOV>
Date: 18 Nov 88 08:33:29 GMT
References: <22401@cornell.UUCP> <4627@rayssd.ray.com> <931@sword.bellcore.com> <853@applix.UUCP>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA.
Lines: 17

In article <853@applix.UUCP> jim@applix.UUCP (Jim Morton) writes:
: 	-REQUIRES that they be alpha and numeric
: This was such a change for me that I found myself both using a common
: alphanumeric string that I wouldn't forget (license plate, "lotus123", etc.)
: and/or writing the password on the system console. The end result, from
: a cracker's point of view, I believe is worse than having any type of
: password be acceptable. Password cracking programs now have a set of
: guidelines to go by!

This is why it is important to for passwd to only be smart about the kinds
of passwords that are *bad*.  ANY time you try to specify what a good password
looks like, you either cut down the search space greatly or make unmemorable
passwords.  There are many ways to make good passwords, so don't restrict
people to one way.  Just don't let 'em use any bad ways.

Larry Wall
lwall@jpl-devvax.jpl.nasa.gov