Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site sdchema.UUCP Path: utzoo!linus!decvax!ittvax!dcdwest!sdcsvax!sdchema!jwp From: jwp@sdchema.UUCP Newsgroups: net.unix-wizards Subject: Sort of Random Passwords Message-ID: <214@sdchema.UUCP> Date: Sat, 18-Aug-84 12:44:30 EDT Article-I.D.: sdchema.214 Posted: Sat Aug 18 12:44:30 1984 Date-Received: Sun, 19-Aug-84 13:51:14 EDT References: <12465@sri-arpa.UUCP> <202@amd.UUCP> Reply-To: jwp@sdchema.UUCP (John Pierce) Organization: Chemistry Dept, UC San Diego Lines: 20 Forcing "random" passwords on people has a number of problems (as has been pointed out): they tend to be hard to remember (encouraging people to write them down), they're often hard to type (encouraging complaints from poor typists), etc, etc. It's easy enough to write the code to check the proposed password against the user's name, room number, building name, etc. Some time ago, code was sent out by someone over the net [at least I think that's where I got it] to check passwords alogrithmically against common triples in English. The claim is (I have not tested it exhaustively) that no word in the on-line dictionary will pass. I have a feeling (again untested exhaustively) that most common names won't pass. I am modifying this [if I ever get our mail problems solved] to reject strings of the same character, simple sequences, etc. I think this approach gives reasonable security, while allowing the user to choose their own password which seems to make them happier (which, in turn, makes my job easier). John Pierce, Chemistry, UC San Diego {decvax,sdcsvax}!sdchema!jwp