Firewall Wizards mailing list archives

Re: "Proactive" Password Checking


From: Alec Muffett <alecm () coyote uk sun com>
Date: Fri, 05 Nov 1999 16:38:40 +0000


At 06:19 AM 11/3/99 -0800, Jim Raykowski wrote:

> If you really, really want to have hard to crack passwords and you
> want to avoid having them in writing, then leave passwords in place
> for a year or more at a time. That gives people a chance to memorize
> them. Once memorized, the pieces of paper will start to disappear,
> reducing the risk of one being found.

FWIW I have stopped telling people not to write passwords down, in
favour of telling them to select (or have forced upon them) very
complex passwords, and telling them to write them down and keep the
paper safe if needs be.

This will remain my policy until crypt(3) is dead and replaced by
*ubiquitous* MD5 (or better) with passphrase capability.

The crypt(3) keyspace is too damned small.  Ask me offline.

This is widely off-topic, so I shall shut up, now.

        - alec

-- 
       alec muffett, sun professional services, alec.muffett @ uk.sun.com
                            don't drink the sludge



