On 3/12/24, Douglas McIlroy <douglas.mcilroy(a)dartmouth.edu> wrote:
> That was a memorable
> error. Guessing that the passwords were generated by
> a simple encoding of the output of rand, Ken promptly
> broke 100% of the newly "hardened" password file.

To do that wouldn't you need to know the seed value that was used? Or
did this version of rand() always generate the same sequence of
pseudo-random numbers?

One problem with random password generation is to avoid generating
passwords that are or contain naughty words. VAX/VMS version 4.0
added an option for random password generation. They had a very
extensive list of naughty words in many different languages to filter
the random passwords. During beta test they got a bug report from a
high school. The naughty words text file was world-readable and
students were amusing themselves by reading it. At release the file
was protected so that only privileged users could read it.
-Paul W.
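
On the seed question raised above, an added illustration (not part of the original message, and not a reconstruction of the historical rand or password generator): when the seed space is small, every seed can simply be enumerated, so a password's strength is bounded by the seed size rather than by its length. The generator constants, the 15-bit seed, the lowercase alphabet and all function names are assumptions chosen for the sketch.

```python
import math
import secrets
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 8
SEED_BITS = 15  # assumption: the generator is seeded from only 2**15 values


def toy_rand(state):
    """One step of a constructed LCG (hypothetical, for illustration only)."""
    state = (state * 1103515245 + 12345) & 0x7FFFFFFF
    return state, (state >> 16) & 0x7FFF


def weak_password(seed):
    """'Simple encoding' of the generator output: one letter per call."""
    state, chars = seed, []
    for _ in range(PW_LEN):
        state, out = toy_rand(state)
        chars.append(ALPHABET[out % len(ALPHABET)])
    return "".join(chars)


def candidate_space():
    """Every password the weak generator can ever emit, mapped to a seed."""
    return {weak_password(seed): seed for seed in range(2 ** SEED_BITS)}


def audit(password, table):
    """Return a seed that reproduces the password, or None if there is none."""
    return table.get(password)


def apparent_bits():
    """Entropy the password length suggests (the real bound is SEED_BITS)."""
    return PW_LEN * math.log2(len(ALPHABET))


def strong_password():
    """Same format, but drawn from the OS CSPRNG with no recoverable seed."""
    return "".join(secrets.choice(ALPHABET) for _ in range(PW_LEN))


if __name__ == "__main__":
    table = candidate_space()
    pw = weak_password(12345)  # constructed sample
    print(f"{pw}: looks like {apparent_bits():.1f} bits, at most {SEED_BITS}")
    print("reproduced from seed:", audit(pw, table))
    print("CSPRNG password:", strong_password())
```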