Firewall Wizards mailing list archives

Re: Re[2]: password aging

From: Alec Muffett - SunLabs <Alec.Muffett () UK Sun COM>
Date: Wed, 02 Sep 1998 16:15:45 +0100

    One alternative to password aging, is to force everyone to use a 
    password generator.  FIPS181 from the US government describes (and 
    implements) such a generator.  I have found the FIPS181 algorithm 
    generates good pronouncable passwords.  They are also far less 
    susceptible to social engineering.

    Using password generators has many problems in itself, not least of 
    which is the tendency for people to write the password down.  However, 
    if security demands good password aging and system wide password 
    re-use detection, then the local policies can be enforced to deal with 
    this and a generator is a viable alternative.


I concur with your second paragraph to some extent, but recommend you
read the FIPS181 note in the docs directory of Crack 5.0 before laying
your trust in it too deeply.

My take: if you can't use some decent non-reusable technology, and you
are using a service like NIS or similar to distribute your passwords
round the enterprise, then use a password generator - one that
generates near-line-noise - and permit your users to write them down.

cf: s/key

        - alec

ps: can we pleae talk about firewalls again?

Current thread:

Re: password aging Paul McNabb (Sep 01)
- Re: password aging Stephen P. Gibbons (Sep 01)
- <Possible follow-ups>
- RE: password aging Rick Smith (Sep 01)
- Re: password aging Joseph S. D. Yao (Sep 01)
  - Re: password aging Stephen P. Gibbons (Sep 01)
    - Re: password aging Joseph S. D. Yao (Sep 01)
- Re[2]: password aging Steve . Bleazard (Sep 02)
  - Re: Re[2]: password aging Alec Muffett - SunLabs (Sep 02)
  - Re: Re[2]: password aging Aleph One (Sep 02)
- Re: Re[2]: password aging Ryan Russell (Sep 03)
  - Re: Re[2]: password aging Michael Shields (Sep 06)
- Re: password aging Paul McNabb (Sep 03)
  - Re: password aging Stephen P. Gibbons (Sep 06)