Firewalls: Algorithmically derived passwords

Firewalls
(October 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Algorithmically derived passwords
From:	sedwards @ sedwards . com
Date:	Fri, 24 Oct 1997 14:10:31 -0700 (PDT)
To:	Firewalls @ GreatCircle . COM
Reply-to:	sedwards @ sedwards . com

I'm curious as to the "list's" opinion of using a "formula" to create
passwords.

One of my clients gives all of their hosts root passwords like:

	first-letter-of-host-name + (last-digit-of-host-name * 3) % 10\
		+ "^" + 3-somewhat-random-letters

Their logic is that it:

) is not susceptible to dictionary based attacks

) is different for each host (as long as the formula is not known)

) is easy to remember or derive (assuming you know the formula)

What do the experts think?

Thanks in advance,
---------------------------------------------------------------------------
Steve Edwards         sedwards @
 sedwards .
 com          Voice: +1-760-723-2727
Newline                                                Fax: +1-760-731-3000

Follow-Ups:

Re: Algorithmically derived passwords
From: Johannes Schwabe <schwabe @ rzaix530 . rz . uni-leipzig . de>

Indexed By Date	Previous:	Comments please. From: scottrob @ mediaone . net
Indexed By Date	Next:	Use of VPNs ?? From: Dick_Wall @ stratus . com
Indexed By Thread	Previous:	Comments please. From: scottrob @ mediaone . net
Indexed By Thread	Next:	Re: Algorithmically derived passwords From: Johannes Schwabe <schwabe @ rzaix530 . rz . uni-leipzig . de>