|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Re[2]: password aging
Alec Muffett - SunLabs (Alec.Muffett
UK.Sun.COM)
Wed, 02 Sep 1998 16:15:45 +0100
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Stephen P. Berry: "Re: Reverse Proxying of FTP?"
- Previous message: Steve.Bleazardwdr.com: "Re[2]: password aging"
- Next in thread: Aleph One: "Re: Re[2]: password aging"
> One alternative to password aging, is to force everyone to use a
> password generator. FIPS181 from the US government describes (and
> implements) such a generator. I have found the FIPS181 algorithm
> generates good pronouncable passwords. They are also far less
> susceptible to social engineering.
>
> Using password generators has many problems in itself, not least of
> which is the tendency for people to write the password down. However,
> if security demands good password aging and system wide password
> re-use detection, then the local policies can be enforced to deal with
> this and a generator is a viable alternative.
I concur with your second paragraph to some extent, but recommend you
read the FIPS181 note in the docs directory of Crack 5.0 before laying
your trust in it too deeply.
My take: if you can't use some decent non-reusable technology, and you
are using a service like NIS or similar to distribute your passwords
round the enterprise, then use a password generator - one that
generates near-line-noise - and permit your users to write them down.
cf: s/key
- alec
ps: can we pleae talk about firewalls again?
- Next message: Stephen P. Berry: "Re: Reverse Proxying of FTP?"
- Previous message: Steve.Bleazardwdr.com: "Re[2]: password aging"
- Next in thread: Aleph One: "Re: Re[2]: password aging"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:46 CDT