Password security - Another idea

Mark A. Heilpern heilpern at ibd.BRL.MIL
Sat Dec 31 00:08:41 AEST 1988


Here's an interesting idea:

Let's assume a user's password is:  physics
This would most likely be solved in a routine dictionary search.
Now let's assume his (her) password is: pHysIcs
[I know, too hard to remember, please put flames on hold.]
I don't know of any simple way to do a dictionary search on this and come up
successful in a "short" amount of time.

Now, the issue of remembering case:

Suppose, among the standard dot files in the home directory, there were to be
a new one: .case . The login program is to check this file, and if it has
any permissions other than for owner, login is disabled.
Once through this check, when the password is read from the user, it is
converted to lower case, the .case file read [example .case below] and where
appropriate, the case of a letter changed, before encryption for comparison
to the /etc/passwd password. Of course, the passwd change program would
also have to incorporate this.

Flames can be sent to me personally at   heilpern at brl.mil

.case:
lUllUll

This is how the file would read for my pHysIcs example. It is not hard to
see how this follows, l meaning lower and U meaning upper.

ATTN: Would be flames:
If you have a comment about the additional time required for the login
process, I challenge you to come up with a quick and SECURE method.

				Mark A. Heilpern

These are MY opinions only. If you like them, great. If you don't, great.

-- 
 |\/|         |
 |  |   _     |<
/    \_(_(_)\_/ \______
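
The .case check and case transformation described in the post, as an added example that is not part of the original message or of any real login program. The function names are hypothetical; the behaviour for a mask shorter than the password and for mask characters other than l or U is an assumption, since the post does not specify it.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept the .case file only if group and other have no permission bits. */
int case_mode_ok(mode_t mode)
{
    return (mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Read the mask from path into buf. Returns 0 on success, -1 if the file is
 * missing, unreadable, not a regular file, or open to group/other.
 * fstat() on the open descriptor checks the same file that is then read. */
int load_case_mask(const char *path, char *buf, size_t len)
{
    struct stat st;
    ssize_t n = -1;
    if (len == 0) return -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && case_mode_ok(st.st_mode))
        n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';   /* keep the first line only */
    return 0;
}

/* Lower-case the typed password, then raise each letter the mask marks 'U'.
 * Assumption: positions past the end of the mask stay lower case, and any
 * mask character other than 'l' or 'U' is an error. */
int apply_case_mask(const char *typed, const char *mask, char *out, size_t len)
{
    size_t n = strlen(typed), m = strlen(mask);
    if (n + 1 > len) return -1;
    for (size_t i = 0; i < n; i++) {
        int c = tolower((unsigned char)typed[i]);
        if (i < m && mask[i] == 'U') c = toupper(c);
        else if (i < m && mask[i] != 'l') return -1;
        out[i] = (char)c;
    }
    out[n] = '\0';
    return 0;
}
```

The output of apply_case_mask is what would be passed on for encryption and comparison with the /etc/passwd entry.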


