Anatomy of a Proactive Password Checker
Date: September 1992
Publication: Proceedings of the 3rd UNIX Security Symposium
Page(s): 130 - 139
Source 1: http://nob.cs.ucdavis.edu/~bishop/papers/1992-anatomy/1992-anatomy.pdf
Source 2: http://nob.cs.ucdavis.edu/~bishop/papers/1992-anatomy/1992-anatomy.ps
The issue of poor user selection of passwords has been discussed in many papers and need not be repeated here. Among the techniques used to overcome these problems are random generation of passwords, challenge-response techniques, key crunching, and the examination of user-selected passwords either by cracking them or by analyzing them before allowing the password to be changed. In this paper we look at a program specifically designed to do the latter.
This paper will describe a new version of the UNIX password changing program called passwd+. This program provides extensions to both the password changing facility and the password checking facility. The former allows users to be given full responsibility for, and control over, accounts other than their own; the latter allows the system administrators to constrain password selection so that users cannot install passwords deemed easily guessable.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.