Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!husc6!cmcl2!adm!smoke!ibd!heilpern
From: heilpern@ibd.BRL.MIL (Mark A. Heilpern )
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Keywords: mixture of upper and lower cases
Message-ID: <232@ibd.BRL.MIL>
Date: 30 Dec 88 14:08:41 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <2271@pompeii.cs.swarthmore.edu> <4523@xenna.Encore.COM>
Reply-To: heilpern@brl.arpa (Mark A. Heilpern (IBD) )
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 40

Here's an interesting idea:

Let's assume a user's password is:
	physics
This would most likely be solved in a routine dictionary search.
Now let's assume his (her) password is:
	pHysIcs
[I know, too hard to remember, please put flames on hold.]
I don't know of any simple way to do a dictionary search on this and
come up successful in a "short" amount of time.

Now, the issue of remembering case:
Suppose, among the standard dot files in the home directory, there
was to be a new one: .case . The login program is to check this file,
and if it has any permissions other than for owner, login is disabled.
Once through this check, when the password is read from the user, it is
converted to lower case, the .case file read [example .case below] and
where appropriate, the case of a letter changed, before encryption for
comparison to the /etc/passwd password.

Of course, the passwd change program would also have to incorporate this.

Flames can be sent to me personally at heilpern@brl.mil

.case:
lUllUll

This is how the file would read for my pHysIcs example. It is not hard to
see how this follows, l meaning lower and U meaning upper.

ATTN: Would be flames: If you have a comment about the additional time
required for the login process, I challenge you to come up with a quick
and SECURE method.

Mark A. Heilpern

These are MY opinions only. If you like them, great. If you don't, great.
--
|\/| | | | _ |< / \_(_(_)\_/ \______