Path: utzoo!attcan!uunet!lll-winken!lll-lcc!unisoft!greywolf
From: greywolf@unisoft.UUCP (The Grey Wolf)
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Message-ID: <1687@unisoft.UUCP>
Date: 4 Jan 89 23:43:21 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <4537@xenna.Encore.COM> <4547@xenna.Encore.COM> <2338@cuuxb.ATT.COM>
Reply-To: greywolf@unisoft.UUCP (The Grey Wolf)
Lines: 44

In article <2338@cuuxb.ATT.COM> dlm@cuuxb.UUCP (Dennis L. Mumaugh) writes:
# 7).  The key space for the password is woefully small compared to
# the  space  available.  Because  of the getty nonsense about case
# senstive terminals [some still around - IBM  3270  for  example],
# capital  letters  are  still  not  useable  in  a password.  Pass
# phrases are the best single improvement to  the  password  scheme
# around  that  hasn't  been  implemented by a major vendor such as
# Berkeley or ATT.
# -- 

Small point here:  Getty doesn't even look at the password.  Login is
the one that takes it.

I am also a bit shaky on how you mean "pass phrases" -- does this entail
enforcing very long strings or what?

Another idea:  Why do we not advance our technology to make use of
larger password salt/key strings (instead of using 8 chars and returning
13, why not try for 16 chars and return 26)?  Backwards compatibility,
sure, but once you have a decent system, are you really going to give a
flying f?ck through a rolling donut about that particular avenue of
backward compatibility?

I think that people are reluctant to explore the above possibility because
they are (mentally) comfortable to remain where they are.  So long as this
condition exists, passwords will be restricted in usable length (I have
often wished for passwords on the order of 12+ characters, but gave up
on them since only the first 8 were used), and we will have this problem.

(I am probably missing something here, but that's okay; this news group
is better than any C compiler I have ever seen -- not only will it tell
me I made an error, but it will point out the error and ram it down my
throat! :-)

Explanations welcomed; send flames to /dev/null.

# =Dennis L. Mumaugh
#  Lisle, IL       ...!{att,lll-crg}!cuuxb!dlm  OR cuuxb!dlm@arpa.att.com

Roan Anderson, Software Engineer and resident half-elf
UniSoft Corporation, 6121 Hollis St., Emeryville, CA 94608
-- 
...TheysaidDoyouseethebiggreenglowinthedarkhouseuponthehill?andIsaidYesIseethebiggreenglowinthedarkhouseuponthehillTheresabigdarkforestbetweenmeandthebiggreenglowinthedarkhouseuponthehillandalittleoldladyonaHoovervacuumcleanersayingIllgetyoumyprettyandyourlittledogTototoo
I don't even *HAVE* a dog Toto...