Great Circle Associates Firewalls
(October 1997)
 


Subject: Re: Algorithmically derived passwords
From: Johannes Schwabe <schwabe @ rzaix530 . rz . uni-leipzig . de>
Date: Sat, 25 Oct 1997 09:58:57 +0200 (DFT)
To: sedwards @ sedwards . com
Cc: Firewalls @ GreatCircle . COM
In-reply-to: <Pine . BSI . 3 . 96 . 971023140447 . 4747B-100000 @ tower . sedwards . com>


On Fri, 24 Oct 1997 sedwards @ sedwards . com wrote:

> One of my clients gives all of their hosts root passwords like:
> 
> 	first-letter-of-host-name + (last-digit-of-host-name * 3) % 10\
> 		+ "^" + 3-somewhat-random-letters
> 

It would maybe even be better to leave the root account passwordless;
this achieves about the same effect with much less hassle.

You have to assume that the attacker knows the "formula". He can go
ahead and try out all possible passwords.

Fish. Shoot. Barrel.
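
The point above in numbers, as an added example that is not part of the original message: once the formula is known, the host name fixes the first three characters and only the three letters remain secret. Reading the quoted formula as a concatenation, taking the last digit character in the host name, the letter alphabets, and the host name `db4` are all assumptions made for illustration.

```python
import math
import re
import string


def derived_prefix(hostname):
    """Part of the password that anyone can compute from the host name alone.

    Assumed reading of the quoted formula: first letter of the host name,
    then (last digit * 3) % 10, then a literal "^".
    """
    digits = re.findall(r"\d", hostname)
    if not hostname or not digits:
        raise ValueError("scheme needs a host name that contains a digit")
    return f"{hostname[0]}{(int(digits[-1]) * 3) % 10}^"


def secret_bits(alphabet_size, length):
    """Entropy in bits of `length` symbols drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def is_formula_derived(hostname, password):
    """Audit check: does this password fit the known pattern for this host?"""
    prefix = derived_prefix(hostname)
    tail = password[len(prefix):]
    return (password.startswith(prefix) and len(tail) == 3
            and all(c in string.ascii_letters for c in tail))


def report(hostname):
    """What is left to guess once the formula is public."""
    return {
        "public_prefix": derived_prefix(hostname),
        "candidates_lowercase": 26 ** 3,   # letters assumed lowercase only
        "candidates_mixed_case": 52 ** 3,  # generous: upper and lower case
        "bits_mixed_case": round(secret_bits(52, 3), 1),
        # Same six characters, all chosen from the 94 printable ASCII symbols
        "bits_random_6_chars": round(secret_bits(94, 6), 1),
    }


if __name__ == "__main__":
    host = "db4"  # constructed host name
    for key, value in report(host).items():
        print(f"{key}: {value}")
    print(is_formula_derived(host, "d2^qZx"))  # constructed sample password
```

The audit check can be run against candidate passwords at change time to reject any that still follow the host-name pattern.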



