Newsgroups: comp.archives
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!ox.com!msen.com!emv
From: bdh@uchicago (Brian D. Howard)
Subject: [alt.security] Re: Hacking
Message-ID: <1991Apr5.073410.23806@ox.com>
Followup-To: alt.security
Sender: emv@msen.com (Edward Vielmetti, MSEN)
Reply-To: bdh@uchicago (Brian D. Howard)
Organization: University of Chicago
References: <1991Mar27.094325.24599@en.ecn.purdue.edu>> <PJNESSER.91Mar27142853@mbunix.mitre.org> <sean.670127199@coombs> <1991Mar28.154647.24831@cunixf.cc.columbia.edu> <bdh.670521496@gsbsun>
Date: Fri, 5 Apr 1991 07:34:10 GMT
Approved: emv@msen.com (Edward Vielmetti, MSEN)
X-Original-Newsgroups: alt.security

Archive-name: security/password/emx-npasswd/1991-04-01
Archive-directory: emx.utexas.edu:/pub/npasswd/ [128.83.1.33]
Original-posting-by: bdh@uchicago (Brian D. Howard)
Original-subject: Re: Hacking
Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)

fuat@cunixf.cc.columbia.edu (Fuat C. Baran) writes:

>"An ounce of prevention is worth a pound of cure."  If you really want
>to enforce a policy of "reasonable" passwords (e.g. not in a
>dictionary, not personal name, variation of username, etc.) the place
>to do it would be in /bin/passwd when the user is setting the
>password.  At that time you have the plaintext password and you can do
>whatever checks you want and give users instant feedback on their
>choice of password.  No need to crack passwords after the fact.  I'm
>sure you could put your CPU cycles to better use than making attempts
>to crack your users' passwords.  Besides what is a practical and
>acceptable frequency for running your password cracker for it to be
>worth the effort?

ftp pub/npasswd/npasswd.tar.Z  (or the shar files) from emx.utexas.edu

THat should do the trick.
--
"Hire the young while they still know everything." 
