1995-07-22 - Re: big word listing

Header Data

From: stewarts@ix.netcom.com (Bill Stewart)
To: Chris Gorsuch <cypherpunks@toad.com
Message Hash: 278c5a475eb5f60dba4d9f100af74272ec7c7a1d7f1874d627b5c05aaa4e6c69
Message ID: <199507220323.UAA04489@ix7.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-07-22 03:26:55 UTC
Raw Date: Fri, 21 Jul 95 20:26:55 PDT

Raw message

From: stewarts@ix.netcom.com (Bill Stewart)
Date: Fri, 21 Jul 95 20:26:55 PDT
To: Chris Gorsuch <cypherpunks@toad.com
Subject: Re: big word listing
Message-ID: <199507220323.UAA04489@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:17 PM 7/21/95 -0500, Chris Gorsuch wrote:
  [ stuff about keeping a dictionary of previously used passwords to prevent
reuse ]
>   A "cryptographic" solution would be to simply store a hash of the password
>rather than the password itself in the "appended" dictionary.  A CRYPTOGRAPHIC
>solution would be to use one time passwords :).

Be _very_ careful if you try this.  After all, it's an invitation for anybody
who runs the dictionary to use a crack program on the convenient list of hashes.
(If you use the same hash as the password file, you haven't risked _too_ much,
but using something fast like MD5 invites people to use their pre-computed
"MD5's of a million wimpy passwords" list.
#---
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
# Export PGP three lines a time --> http://dcs.ex.ac.uk/~aba/export/
M0V]N9W)E<W,@<VAA;&P@;6%K92!N;R!L87<@+BXN(&%B<FED9VEN9R!T:&4@
M9G)E961O;2!O9B!S<&5E8V@L(&]R(&]F('1H92!P<F5S<SL-"F]R('1H92!R
M:6=H="!O9B!T:&4@<&5O<&QE('!E86-E86)L>2!T;R!A<W-E;6)L92P@( T*






Thread