Everhart,Glenn

From: zrepachol@cc.curtin.edu.au
Sent: Thursday, April 09, 1998 5:29 PM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: VMS vs UNIX (not trolling)

My *preferred* password policy is pwdmin=13, pwdlife=400. But the kids don't like it!

The long min forces the use of a pass phrase. These are easy to remember, form a HUGE key space, and are devoid of nice clues to shoulder surfers. Having 3 kids at home who consider it a point of honor to bust each other's passwords is an interesting test. You soon confirm that shifted chars, numbers or anything else that breaks a person's typing rhythm are instant death to keeping a password secure. They cause markers that enable another to ferret the password a chunk at a time.

A friend, some time ago, did a check on a password history file. Many of the passwords were a common base, plus a small change. Care to guess how many passwords of the form "4" there are out there now? April being the 4th month...

But all this is missing the real point if we wish to compare Unix and VMS. Can you run a Unix system with NO ONE knowing the password to root? Many VMS systems run with no one knowing the password to system. Hell, that is why double passwords were brought in!

The real difference is not what fruit is in the cryptokey salad, it is whether or not you can control, trace and audit their use. And if you can give people as much, but no more, access than they require to get on with it. On a Unix box, this means every man and his dog needs the root password.

And to forestall the next round, name the Unix system, other than Linux and the /BSD flavors that come with sudo standard, and B2.

--
~paul ( prep )
Paul Repacholi, 1 Crescent Rd.,
erepacholi@cc.curtin.edu.au Kalamunda,
+61 (08) 9257-1001 Western Australia. 6076