Xref: utzoo comp.unix.wizards:13680 news.sysadmin:1999
Path: utzoo!attcan!uunet!ncrlnk!ncrcae!ece-csc!ncsuvx!gatech!rutgers!rochester!pt.cs.cmu.edu!dlc.fac.cs.cmu.edu!dlc
From: dlc@dlc.fac.cs.cmu.edu (Daryl Clevenger)
Newsgroups: comp.unix.wizards,news.sysadmin
Subject: Re: Special chars humor (was password security)
Message-ID: <3934@pt.cs.cmu.edu>
Date: 24 Dec 88 08:38:22 GMT
References: <8594@alice.UUCP>
Organization: Carnegie-Mellon University, CS/RI
Lines: 33

In article <8594@alice.UUCP> debra@alice.UUCP () writes:
>Requiring the use of a non-alphanumeric character is not at all sufficient.
>Many people react to this by just putting a special character (usually ".")
>in front of their old password...
>

(This post is just a humorous interjection, not a comment one way or the
other. It does illustrate yet another example of a program that missed a
boundary case.)

A friend of mine that used to work for a research project here at CMU had an
interesting thing happen to him related to this. His group had a few HP
Bobcats running HP/UX and he was given an account on them. Upon logging in
the first time, he was asked to change his password and was required to use
at least one non-alphanumeric character (I don't know if it cared where it
was put into the password string). Being relatively naive about UNIX and not
knowing its history, he picked '@' as his special character, which
/bin/passwd gladly accepted.

Guess what happened the next time he tried to login? The system kept
printing "Login incorrect" and he was certain he was using the right passwd.
Finally, he called me up and related what had happened to me. I asked him
which special character he used, and I thought about it for a moment. Then I
remembered that the default 'Kill line' character used to be '@'. I told him
to type his passwd at the "login:" prompt (why not, nobody could use it for
much as it was) and tell me what happened. My suspicions were confirmed when
I heard the screams and cursing.

Moral: All characters are special; some are more special than others.

------------
Daryl Clevenger
dlc@cs.cmu.edu
CMU CS/RI Facilities Staff
--
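
The boundary case in this post, as an added example (not part of the original post and not HP-UX code): a password-change check that refuses characters the terminal's line editing would consume, with a small simulation of what a program reading the line would receive. The '#' erase and '@' kill defaults and all function names are assumptions for illustration; backslash escaping is not modelled.

```python
# Added example: models only erase/kill editing of a canonical-mode tty line.
# The '#' erase / '@' kill pair is the historical default assumed here; on a
# live system read the real values from termios.tcgetattr(fd)[6].
HISTORICAL_CC = {"erase": "#", "kill": "@"}


def line_as_received(typed, cc=HISTORICAL_CC):
    """Return what a program reading the tty gets after line editing."""
    buf = []
    for ch in typed:
        if ch == cc["kill"]:
            buf.clear()          # kill: discard everything typed so far
        elif ch == cc["erase"]:
            if buf:
                buf.pop()        # erase: drop the previous character
        else:
            buf.append(ch)
    return "".join(buf)


def untypeable_chars(password, cc=HISTORICAL_CC):
    """Characters in the password that the line discipline would consume."""
    special = set(cc.values())
    return sorted({ch for ch in password if ch in special})


def check_new_password(password, cc=HISTORICAL_CC):
    """Reject a password that could not be typed back on an edited line."""
    bad = untypeable_chars(password, cc)
    if bad:
        return False, "contains tty editing character(s): " + " ".join(bad)
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("hunter@2", "se#cret", "hunter.2"):   # constructed samples
        ok, why = check_new_password(candidate)
        print(f"{candidate!r}: an edited line would deliver "
              f"{line_as_received(candidate)!r} -> {why}")
```

Passing a `cc` mapping built from the terminal's current settings instead of the historical defaults checks against whatever erase and kill characters are actually configured.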