60-second timeout in Unix login
Richard Tobin
richard at aiva.ed.ac.uk
Mon Feb 22 04:17:52 AEST 1988
In article <7267 at brl-smoke.ARPA> gwyn at brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>In article <18083 at topaz.rutgers.edu> ron at topaz.rutgers.edu (Ron Natalie) writes:
>>Actually at BRL, it remembers all past passwords that everyone used and
>>won't ever let you reuse them (or use the "passwd" program to set too
>>accounts to the same password).
>
>Huh? How could it do this when the passwords are never stored in the
>clear?
The same way it checks you've typed the correct one when you log in, I
should think.
Of course, comparing two encrypted passwords for equality is trickier,
as the "salt" may be different. BTW, does knowing two different
encryptions of a password (ie encrypted with different salts) make
decrypting easier?
-- Richard
--
Richard Tobin, JANET: R.Tobin at uk.ac.ed
AI Applications Institute, ARPA: R.Tobin%uk.ac.ed at nss.cs.ucl.ac.uk
Edinburgh University. UUCP: ...!ukc!ed.ac.uk!R.Tobin
More information about the Comp.unix.wizards
mailing list