Re: Password checking

Philippe Prindeville <philipp@Gipsi.Gipsi.Fr> Fri, 06 April 1990 13:07 UTC

Received: from inria.inria.fr by cert.sei.cmu.edu (5.61/2.2) id AA05138; Fri, 6 Apr 90 09:07:12 -0400
Received: from Gipsi.Gipsi.FR by inria.inria.fr (5.61+/89.0.8) via Fnet-EUnet id AA24976; Fri, 6 Apr 90 15:06:54 +0200 (MET)
Received: by Gipsi.Gipsi.Fr (4.12/4.8) id AA29963; Fri, 6 Apr 90 15:08:15 -0100 (MET)
Date: Fri, 06 Apr 1990 15:08:15 -0100
From: Philippe Prindeville <philipp@Gipsi.Gipsi.Fr>
Message-Id: <9004061408.AA29963@Gipsi.Gipsi.Fr>
X-Phone: +33 1 30 60 75 25 / +33 1 47 34 42 74
To: art@dinorah.wustl.edu
Subject: Re: Password checking
Cc: ssphwg@cert.sei.cmu.edu

First, I wouldn't leave cleartext passwords on any sort of storage
device (including mailboxes) -- much safer to log them to a "secure"
console.  Second, the obvious time to screen a password is when it
is set, not periodically.  This way you reduce the window of
opportunity to zero.

-Philip
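
The two points in the message above, screening a password at the moment it is set and never writing the cleartext to storage, sketched as an added example that is not part of the original message. The wordlist, function names, minimum length and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist (assumption); a real checker loads a large dictionary.
WORDLIST = {"password", "wizard", "dragon", "letmein", "secret"}
ITERATIONS = 200_000  # assumed PBKDF2 work factor


def screen(username, candidate, wordlist=WORDLIST, min_len=8):
    """Return the reasons a candidate is rejected (empty list = accepted)."""
    reasons = []
    low = candidate.lower()
    if len(candidate) < min_len:
        reasons.append("too short")
    # Strip trailing digits/punctuation so "dragon1!" is still caught.
    core = low.rstrip("0123456789!@#$%^&*.-_")
    if low in wordlist or core in wordlist or low[::-1] in wordlist:
        reasons.append("dictionary word")
    user = username.lower()
    if user and (user in low or user[::-1] in low):
        reasons.append("derived from username")
    return reasons


def set_password(store, username, candidate):
    """Screen first; persist only a salted hash, and only if screening passes."""
    reasons = screen(username, candidate)
    if reasons:
        # Report the reasons, never the candidate, so no cleartext
        # reaches a log file or a mailbox.
        return False, reasons
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    store[username] = (salt, digest)
    return True, []


def verify(store, username, attempt):
    """Constant-time comparison of the attempt against the stored hash."""
    salt, digest = store[username]
    trial = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(trial, digest)
```

Because the weak candidate is refused before anything is stored, there is never a stored weak password for a later periodic sweep to find.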