a thought about UNIX login security
edhall%rand-unix at sri-unix.UUCP
Sat Jun 18 09:59:00 AEST 1983
As the former system manager of a campus UNIX system, I am well
aware of many of UNIX's security holes. Students (and sometimes others)
seem to have a knack for discovering these, and often exploit them
when they do.
Some of these people of dubious morals read UNIX-WIZARDS. They might
see a paper copy of it circulated around the computer center, or even
have a legitimate entry on the mailing list.
I'm certain that at a half-dozen places across the country someone
is now creating a program to search the UNIX word list for a password.
Maybe they'll get caught, or their program will be killed when it's
discovered using up so much CPU. But a weekend would be all it takes,
and perhaps on a `borrowed' account.
I hope the message is clear. As much as I'd like to be able to discuss
security issues on UNIX-WIZARDS, I'm afraid doing so can do as much harm
as good.
But everyone who reads UNIX-WIZARDS knows better than to use a trivial
password, right? Especially system administrators... Let's hope that
chance that everyone has realized that an 8-letter password can easily
be less secure than 3 random characters.
Excuse the flame; there have been several chances for me to comment on
this in the past. Some recent sad events on my `old' system inspired
me to write now.
-Ed