[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: big word listing



At 04:17 PM 7/21/95 -0500, Chris Gorsuch wrote:
  [ stuff about keeping a dictionary of previously used passwords to prevent
reuse ]
>   A "cryptographic" solution would be to simply store a hash of the password
>rather than the password itself in the "appended" dictionary.  A CRYPTOGRAPHIC
>solution would be to use one time passwords :).

Be _very_ careful if you try this.  After all, it's an invitation for anybody
who runs the dictionary to use a crack program on the convenient list of hashes.
(If you use the same hash as the password file, you haven't risked _too_ much,
but using something fast like MD5 invites people to use their pre-computed
"MD5's of a million wimpy passwords" list.
#---
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
# Export PGP three lines a time --> http://dcs.ex.ac.uk/~aba/export/
M0V]N9W)E<W,@<VAA;&P@;6%K92!N;R!L87<@+BXN(&%B<FED9VEN9R!T:&4@
M9G)E961O;2!O9B!S<&5E8V@L(&]R(&]F('1H92!P<F5S<SL-"F]R('1H92!R
M:6=H="!O9B!T:&4@<&5O<&QE('!E86-E86)L>2!T;R!A<W-E;6)L92P@( T*