Path: utzoo!attcan!uunet!husc6!rutgers!gatech!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)
Newsgroups: comp.unix.wizards
Subject: Re: [Lynn R Grant: Password Aging]
Message-ID: <11048@ulysses.homer.nj.att.com>
Date: 28 Dec 88 20:37:03 GMT
References: <17981@adm.BRL.MIL> <4506@xenna.Encore.COM>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 16

In article <4506@xenna.Encore.COM>, bzs@Encore.COM (Barry Shein) writes:
> Of course the obvious question is does anyone have any good cases of
> systems broken into where, if password aging had been in effect, the
> break-in would have been prevented? Reasoning appreciated.

The DoD reasoning is fairly simple: they want to prevent brute-force
attacks on a particular password. I don't have their booklet handy, but
they show you how to work through the calculations. Figure out how many
possible passwords there are, and assume some value (which I believe they
supply) for the time to make one trial. That gives you an upper bound on
how long a particular password is secure. The aging constant is set to be
some small fraction of that time.

This is the same reasoning, of course, that leads the military to change
codes and ciphers periodically. Read Kahn's ``The Codebreakers'' for
examples of how this has helped, and how failure to do this has hurt.
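A worked version of the calculation described above, added here as an illustration and not taken from the post or the DoD booklet; the alphabet sizes, per-trial times and the 1% fraction are constructed assumptions, not the booklet's values. It also solves the inverse problem: given the aging interval a site wants to run, what password length the bound requires.

```python
# Added example (not from the original post): the password-aging
# calculation sketched above, with constructed parameters.
from typing import Optional

SECONDS_PER_DAY = 86_400


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def exhaustive_search_seconds(alphabet_size: int, length: int,
                              seconds_per_trial: float) -> float:
    """Upper bound on how long one password resists brute force:
    the time to try every candidate at the assumed trial rate."""
    return keyspace(alphabet_size, length) * seconds_per_trial


def aging_interval_days(alphabet_size: int, length: int,
                        seconds_per_trial: float, fraction: float) -> float:
    """Maximum password lifetime: a small fraction of the search bound."""
    bound = exhaustive_search_seconds(alphabet_size, length, seconds_per_trial)
    return fraction * bound / SECONDS_PER_DAY


def min_length_for_interval(alphabet_size: int, seconds_per_trial: float,
                            fraction: float, interval_days: float,
                            max_length: int = 64) -> Optional[int]:
    """Inverse problem: the shortest length for which the site's chosen
    aging interval still lies within the computed bound.  Returns None
    if no length up to `max_length` suffices (aging alone cannot help)."""
    for length in range(1, max_length + 1):
        if aging_interval_days(alphabet_size, length,
                               seconds_per_trial, fraction) >= interval_days:
            return length
    return None


if __name__ == "__main__":
    # Constructed: 4-digit PIN, one second per guess at a login prompt.
    print(exhaustive_search_seconds(10, 4, 1.0))        # 10000.0
    # Constructed: 62-symbol alphabet, 1 us per guess against a stolen
    # hash, lifetime held to 1% of the bound, 90-day aging policy.
    print(min_length_for_interval(62, 1e-6, 0.01, 90))  # 9
```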