password security

Paul R. Haas prh at actnyc.UUCP
Thu Dec 22 07:41:32 AEST 1988


In article <4444 at xenna.Encore.COM> bzs at Encore.COM (Barry Shein) writes:
>The average secretary I know is bright enough to understand rules like
>"use two short words with some upper-case letters and/or digits thrown
>in and separated by a punctuation, like "Hey!Jude" "FidoIS#1". Very
>hard to guess, very easy to remember, next...
Give a thousand secretaries that same set of instructions and you will
get far less than a thousand different passwords.  Sort them in order
of frequency and try them all on whatever system you are trying to
crack.  You certainly won't be able to break all the accounts, but you
will get a few.  Many people may prefer to listen in on a large
ethernet rather than deal with a thousand secretaries, but the result
should be similar.

If people are allowed to create their own passwords, there should not be
a way to try ten thousand different passwords on each account without
triggering some alarm.

If security is really important it may be useful to put the shadow
password file on a separate server machine.  The server machine should be
physically and electronically remote so that the only requests it
services are "check password/username", "add password/username",
"remove password/username" and "changepassword
newpassword/oldpassword/username".  This implies that backups and restores
have to be done manually.  A logical migration path to a secure password
server is to use a shadow password file which is normally only accessible
through a small well defined interface.
-----
Paul Haas uunet!actnyc!prh  haas at frith.egr.msu.edu (212) 696-3653
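The following is an added example, not code from Paul Haas's post: an in-process model of the "small well defined interface" he describes (check / add / remove / change password, nothing else exported, no hash ever leaves the object), with the per-account failure alarm from the earlier paragraph, plus a simulation of the frequency-ordered guessing attack against a population that all followed the same "two words plus punctuation" rule. The class and function names, the PBKDF2 work factor, and the sample accounts and observed password list are all constructed for illustration; a real deployment would put the object behind a network or IPC boundary on the separate machine he proposes.

```python
import hashlib
import hmac
import os
from collections import Counter

# PBKDF2 work factor; an assumed value, tune it for the server's hardware.
ITERATIONS = 100_000


class PasswordServer:
    """Stores only salted password hashes and exposes just the four
    operations in the post.  Callers learn True/False, never a hash."""

    def __init__(self, max_failures=10):
        self._records = {}          # username -> (salt, derived key)
        self._failures = Counter()  # username -> consecutive failed checks
        self.max_failures = max_failures
        self.alarms = []            # usernames that crossed the threshold

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def add(self, username, password):
        if username in self._records:
            raise KeyError(f"{username!r} already exists")
        salt = os.urandom(16)
        self._records[username] = (salt, self._derive(password, salt))

    def remove(self, username):
        self._records.pop(username, None)
        self._failures.pop(username, None)

    def check(self, username, password):
        # An account that tripped the alarm refuses every further check,
        # so the guesser cannot keep hammering it while someone looks.
        if username in self.alarms:
            return False
        record = self._records.get(username)
        if record is None:
            # Unknown user: burn the same work so timing does not reveal
            # which usernames exist.
            self._derive(password, b"\0" * 16)
            ok = False
        else:
            salt, stored = record
            ok = hmac.compare_digest(self._derive(password, salt), stored)
        if ok:
            self._failures[username] = 0
        else:
            self._failures[username] += 1
            if self._failures[username] >= self.max_failures:
                self.alarms.append(username)
        return ok

    def change_password(self, username, old_password, new_password):
        if not self.check(username, old_password):
            return False
        salt = os.urandom(16)
        self._records[username] = (salt, self._derive(new_password, salt))
        return True


def frequency_attack(server, usernames, observed_passwords):
    """The attack in the post: rank the passwords a population actually
    produced by frequency, try them against every account in that order,
    and stop on an account once its alarm trips.  Returns the accounts
    cracked and the accounts that raised an alarm."""
    ranked = [pw for pw, _ in Counter(observed_passwords).most_common()]
    cracked = []
    for user in usernames:
        for guess in ranked:
            if user in server.alarms:
                break
            if server.check(user, guess):
                cracked.append(user)
                break
    return cracked, list(server.alarms)


# Constructed sample data: four accounts that all obeyed the same rule, and a
# list of passwords "observed" from another site that followed the same rule.
SAMPLE_ACCOUNTS = [("alice", "Hey!Jude"), ("bob", "Hey!Jude"),
                   ("carol", "FidoIS#1"), ("dave", "Blue!Sky9")]
SAMPLE_OBSERVED = ["Hey!Jude", "Hey!Jude", "Hey!Jude", "FidoIS#1", "FidoIS#1",
                   "Blue!Sky9", "Moon?Pie2"]


def demo(max_failures=2):
    """Build a server from the sample accounts and run the attack against it."""
    server = PasswordServer(max_failures=max_failures)
    for user, password in SAMPLE_ACCOUNTS:
        server.add(user, password)
    return frequency_attack(server, [u for u, _ in SAMPLE_ACCOUNTS], SAMPLE_OBSERVED)


if __name__ == "__main__":
    cracked, alarmed = demo()
    print("cracked:", cracked)   # the common choices fall to the first guesses
    print("alarmed:", alarmed)   # the less common one trips the alarm instead
```

With a two-failure threshold the three accounts whose owners picked the most popular choices fall to the first or second guess, exactly the "you will get a few" outcome, while the account with the rarer password locks and is reported; the interface never hands out the hash, so the guesser gets nothing to take offline.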
