Firewall Wizards mailing list archives
Re: Re[2]: password aging
From: Alec Muffett - SunLabs <Alec.Muffett () UK Sun COM>
Date: Wed, 02 Sep 1998 16:15:45 +0100
One alternative to password aging, is to force everyone to use a password generator. FIPS181 from the US government describes (and implements) such a generator. I have found the FIPS181 algorithm generates good pronouncable passwords. They are also far less susceptible to social engineering. Using password generators has many problems in itself, not least of which is the tendency for people to write the password down. However, if security demands good password aging and system wide password re-use detection, then the local policies can be enforced to deal with this and a generator is a viable alternative.
I concur with your second paragraph to some extent, but recommend you read the FIPS181 note in the docs directory of Crack 5.0 before laying your trust in it too deeply. My take: if you can't use some decent non-reusable technology, and you are using a service like NIS or similar to distribute your passwords round the enterprise, then use a password generator - one that generates near-line-noise - and permit your users to write them down. cf: s/key - alec ps: can we pleae talk about firewalls again?
Current thread:
- Re: password aging Paul McNabb (Sep 01)
- Re: password aging Stephen P. Gibbons (Sep 01)
- <Possible follow-ups>
- RE: password aging Rick Smith (Sep 01)
- Re: password aging Joseph S. D. Yao (Sep 01)
- Re: password aging Stephen P. Gibbons (Sep 01)
- Re: password aging Joseph S. D. Yao (Sep 01)
- Re: password aging Stephen P. Gibbons (Sep 01)
- Re[2]: password aging Steve . Bleazard (Sep 02)
- Re: Re[2]: password aging Alec Muffett - SunLabs (Sep 02)
- Re: Re[2]: password aging Aleph One (Sep 02)
- Re: Re[2]: password aging Ryan Russell (Sep 03)
- Re: Re[2]: password aging Michael Shields (Sep 06)
- Re: password aging Paul McNabb (Sep 03)
- Re: password aging Stephen P. Gibbons (Sep 06)