Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1998

NFR Wizards Archive: Re[2]: password aging

Re[2]: password aging

Steve.Bleazardwdr.com
Wed, 2 Sep 1998 15:17:06 +0700

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Alec Muffett - SunLabs: "Re: Re[2]: password aging"
Previous message: Joseph S. D. Yao: "Re: password aging"
In reply to: Stephen P. Gibbons: "Re: password aging"
Next in thread: Alec Muffett - SunLabs: "Re: Re[2]: password aging"
Reply: Alec Muffett - SunLabs: "Re: Re[2]: password aging"
Reply: Aleph One: "Re: Re[2]: password aging"
Maybe reply: Ryan Russell: "Re: Re[2]: password aging"

     One alternative to password aging, is to force everyone to use a
     password generator. FIPS181 from the US government describes (and
     implements) such a generator. I have found the FIPS181 algorithm
     generates good pronouncable passwords. They are also far less
     susceptible to social engineering.

     Using password generators has many problems in itself, not least of
     which is the tendency for people to write the password down. However,
     if security demands good password aging and system wide password
     re-use detection, then the local policies can be enforced to deal with
     this and a generator is a viable alternative.

     Steve

______________________________ Reply Separator _________________________________
Subject: Re: password aging
Author: jsdy (jsdycospo.osis.gov) at unix/o2=mime
Date: 9/1/98 8:58 PM

> This is true. It's also "standard" practice...One of the goals of my group
> is to _reduce_ the number of calls
> to the help-desk. Please keep in mind that this is only a _proposed_
> change, and it hasn't been approvee yet.

If reducing calls is a goal, why increase them by not telling the user
why the password is rejected? ;-)

> Scalability is an issue. We're talking about (at least) a 128 bit
> keyspace.

The ARGUMENT doesn't scale perfectly. Analogies rarely do. I believe
that a system-wide old-password database is still not the wisest
choice.

--
Joe Yao                         jsdycospo.osis.gov - Joseph S. D. Yao
COSPO Computer Support                                          EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

Next message: Alec Muffett - SunLabs: "Re: Re[2]: password aging"
Previous message: Joseph S. D. Yao: "Re: password aging"
In reply to: Stephen P. Gibbons: "Re: password aging"
Next in thread: Alec Muffett - SunLabs: "Re: Re[2]: password aging"
Reply: Alec Muffett - SunLabs: "Re: Re[2]: password aging"
Reply: Aleph One: "Re: Re[2]: password aging"
Maybe reply: Ryan Russell: "Re: Re[2]: password aging"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:46 CDT