From: Chris Gorsuch <chrisg@chrisg.itg.ti.com>
Date: Fri, 21 Jul 95 14:20:19 PDT
To: cypherpunks@toad.com
Subject: Re: big word listing
Message-ID: <199507212117.QAA00160@chrisg.itg.ti.com>
MIME-Version: 1.0
Content-Type: text/plain



   The crack library points to some dictionaries which have not only real and
"imagined" (literary) words, but also words from other languages as well.
All in all a good resource.  -see adams message for pointers

   However, the reason I write is if you decide to add users previously used
passwords to the dictionary, make sure your "appendages" to the dictionary
are secured.  Users are notorious for forgetting to change or reusing on 
other machines the passwords from various servers.  The advantage is that
your users will never be able to reuse their old passwords.  The disadvantage
is that your admins can attempt to hack other machines using these passwords.

   A "cryptographic" solution would be to simply store a hash of the password
rather than the password itself in the "appended" dictionary.  A CRYPTOGRAPHIC
solution would be to use one time passwords :).

Chris Gorsuch
chrisg@ti.com 
*I am not responsible for the content of the above message :)