- Path: sparky!uunet!wupost!gumby!destroyer!cs.ubc.ca!bcsystems!ewilts
- From: ewilts@galaxy.gov.bc.ca (Ed Wilts)
- Newsgroups: comp.os.vms
- Subject: Re: PASSWORDS & SCHEMES
- Message-ID: <1993Jan8.083254.1478@galaxy.gov.bc.ca>
- Date: 8 Jan 93 08:32:54 -0800
- References: <01GT8W0T1GO2006MJF@VAXF.COLORADO.EDU>
- Distribution: world
- Organization: BC Systems Corporation
- Lines: 54
-
- In article <01GT8W0T1GO2006MJF@VAXF.COLORADO.EDU>, DWING@UH01.Colorado.EDU (Dan Wing) writes:
- > Jon Baker, SYSTEM_JB@UNODE1.NSWC.NAVY.MIL, writes:
- >
- >>We have a problem with users here in that they tend to write passwords down.
- >>"That's bad." Many users have several accounts on different systems and
- >>therefore must remember several passwords. For security purposes, we generate
- >>the passwords and they look like some foreign encryption code. We were
- >>wondering if anyone has or knows of a program or product we could use to check
- >>passwords for a conformity standard (make sure they HAD special characters in
- >>it, etc.) so that we could allow users to make up their own passwords. We
- >>don't do it now since they could just put in their username or a proper name
- >>even with the password checker provided in VMS 5.4. That wouldn't be "prudent"
- >>in a security conscious environment. I guess we could use some extra password
- >>dictionaries as well. O-)
- >
- > You can implement your own site-specific password policy. See
- > SYS$EXAMPLES:VMS$PASSWORD_POLICY.ADA, .B32. This requires changing a SYSGEN
- > parameter (LOAD_PWD_POLICY) so you'll have to reboot a few times to get
- > it working to your satisfaction. I'm sure someone on the net has one
- > written in Macro or C, and would volunteer that program for public
- > consumption?
-
- There is a password policy program in the Decus library written by Ted Nieland
- from Control Data. It's in Fortran. This code includes a check for not only
- words in a supplemental dictionary, but also permutations of the UAF Account
- and Owner fields. For instance, with my username being EWILTS, it will not let
- me set a password of WILTS since it finds "Wilts,Ed" in the owner field. Not
- that *I* would do this of course, but some users certainly like to pick
- simple passwords.
-
- > Also add site-specific words to your password dictionary (I don't know if a
- > site-specific password policy causes the dictionary and password history to
- > be disabled or supplemented with the site-specific password policy). The
- > VMS V5.5 release notes describe how to best add your own words to the
- > password dictionary (section 2.27.3). Some words used by some worm programs
- > aren't in this dictionary (if you add all the words that you learned in
- > Junior High you'll cover most of them).
-
- Mr. Nieland's code supplements the Digital-supplied dictionary. There are
- routines supplied to build a second dictionary as well as to add words to the
- dictionary (this routine actually rejects a word if it's already in Digital's
- dictionary). I grabbed one of the spelling dictionaries from the Decus library
- and generated a new dictionary from it (I had a spare 9420 lying around at the
- time...). It has over 93,000 words in it - Digital's dictionary has about
- 43,000 words and is missing such favorite passwords as 'topsecret'.
-
- If you've got your own set of words to add, it's trivial to do so. Simply
- build a text file containing all the words (trademarks in your company are a
- good start), run the routine to add them to the dictionary, and expire
- everybody's password (or wait for them to naturally expire).
-
- --
- Ed Wilts, BC Systems, 4000 Seymour Place, Victoria, B.C., Canada, V8X 4S8
- EWilts@Galaxy.Gov.BC.CA Office: (604) 389-3430 Fax: (604) 389-3412
-
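The owner-field and supplemental-dictionary checks described in the post above, sketched in Python as an added example; it is not Ted Nieland's Fortran code and not part of the original post. How candidates are derived (tokens, ordered joins, reversals), the digit stripping and the sample word list are assumptions made here, and the example goes slightly beyond the WILTS case by also catching decorated forms such as EdWilts93.

```python
import re
from itertools import permutations

# Constructed sample word list; stands in for a site-built supplemental dictionary.
SUPPLEMENTAL_WORDS = {"topsecret", "galaxy", "victoria"}


def identity_tokens(username, owner):
    """Split the account name and owner field into lowercase alphanumeric tokens."""
    return [t for t in re.split(r"[^a-z0-9]+", f"{username} {owner}".lower()) if t]


def derived_candidates(username, owner):
    """Assumed meaning of 'permutations': each token, ordered joins of up to
    three tokens, and the reversal of each of those strings."""
    tokens = identity_tokens(username, owner)
    candidates = set()
    for n in range(1, min(3, len(tokens)) + 1):
        for combo in permutations(tokens, n):
            word = "".join(combo)
            candidates.update((word, word[::-1]))
    return candidates


def core(password):
    """Case-fold, drop punctuation, and strip leading/trailing digits so that
    'Wilts93' and 'WILTS' reduce to the same string (an added assumption)."""
    return re.sub(r"[^a-z0-9]", "", password.lower()).strip("0123456789")


def check_password(password, username, owner, dictionary=SUPPLEMENTAL_WORDS):
    """Return (accepted, reason) for a proposed password."""
    forms = {password.lower(), core(password)}
    if not core(password):
        return False, "no letters"
    if forms & derived_candidates(username, owner):
        return False, "derived from account or owner field"
    if forms & {w.lower() for w in dictionary}:
        return False, "dictionary word"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("WILTS", "EdWilts93", "stliw", "topsecret", "k7#Qmv!2xp"):
        print(pw, check_password(pw, "EWILTS", "Wilts,Ed"))
```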