Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!sharkey!atanasoff!jobusch
From: jobusch@atanasoff.cs.iastate.edu (David L. Jobusch)
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Summary: 8 character limit on user passwords under *NIX
Keywords: passwords, security, limitations
Message-ID: <566@atanasoff.cs.iastate.edu>
Date: 29 Dec 88 16:57:05 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <2271@pompeii.cs.swarthmore.edu>
Reply-To: jobusch@atanasoff.cs.iastate.edu (David L. Jobusch)
Organization: Iowa State U. Computer Science Department, Ames, IA
Lines: 27

In article <2271@pompeii.cs.swarthmore.edu> schwartz@pompeii.UUCP (Scott Schwartz) writes:
>As it happens, I think that Barry has a good point here. I think
>one answer is to admit that 8 character passwords (and user id's,
>for that matter!) are too small. Someone who knows a lot about
>encryption (not me!) should suggest a better number.
>--
>Scott Schwartz

Part of a project I am working on now uses a technique my major
professor describes in a paper to compress an ARBITRARY length password
(or better, a pass-phrase) into the 56 bit DES key. The goal is to
allow the arbitrary length passwords to "fit" into the current password
mechanisms without breaking too much software (uses /etc/passwd, field
sizes stay the same, staying away from "shadow" files, etc...).

I, too, would be interested in hearing arguments for and against
various restrictions on passwords. User frustration with picky
mechanisms (must use a ... ) around my office usually leads to root
setting the person's password to "hi" or something equally secure.

(I would appreciate replies through email; will post summary if needed.)

Dave Jobusch, Iowa State University Telecommunications
jobusch@atanasoff.cs.iastate.edu      j1.dlj@isumvs.bitnet (ick)
        ^^^^^^^^^
        As in John Vincent Atanasoff, the creator of the world's first
        electronic digital computer, built at ISU. Spread the news.