Password security - Another idea
Barry Shein
bzs at Encore.COM
Sun Jan 1 03:35:33 AEST 1989
Re: using a .case file which shows the lower/upper case pattern for
a password....
But this means that login will now accept the dictionary word in lower
case? Seems to reopen that attack (ie. going thru the dictionary) as
login is correcting case for me as I go.
Worse, it relies on the unreadability of these .case files in every
user's directory, I don't think that's a good thing to rely on, if
users are sloppy about password choosing and too lazy to remember the
case shifts why do you believe they'll be careful about protecting
this .case file? Besides, holes to read unreadable files are a little
too easy to come by (also, I assume that the length of the file tells
me how many chars in your passwd?)
I don't think this idea goes very far.
-Barry Shein, ||Encore||
More information about the Comp.unix.wizards
mailing list