At 8:26 AM -0700 6/4/99, Arnold G. Reinhold wrote:
>At 9:18 AM +1000 6/2/99, Greg Rose wrote:
>>(IMHO the design decision that would most profitably have changed was the
>>limitation to 8 character passwords, not the salt.
>
>I agree with you here, though as Steve Bellovin pointed out, hashing hadn't
>been invented yet. Sigmund Porter first came up with the passphrase idea in
>1981 [1]. The hubris-laden decision to make the passwd file world-readable
>is another candidate for when we get that time machine working.

I also agree with Greg, long passwords are good. However, as a historical
note, Tymshare was using a one-way hash for passwords on its network and
hosts in 1972 when I started working there. Passwords could be "any"*
length and were hashed to a fixed length for storage in the password file.

* They could be any length, but you had to be able to type them within the
login timeout, which set a practical limit. One system programmer liked to
set people's initial password to the letters a-z followed by the digits
0-9. He said that everyone could remember it, and they would always ask
him how to change it.

-------------------------------------------------------------------------
Bill Frantz | The availability and use of secure encryption may |
Periwinkle | offer an opportunity to reclaim some portion of |
Consulting | the privacy we have lost. - B. FLETCHER, Circuit Judge |