[unisog] RE: is the current password std flawed?

hermit921 hermit921 at yahoo.com
Mon Feb 28 18:06:41 GMT 2005


I have done this for years, and it works well most of the time.  I have run 
into one major problem - once someone cracks the password on one system, it 
is trivial to guess the password on any other system.  Of course, you are 
still better off than using the same password.

The other problem is failover systems.  When a systems fails to another 
host, suddenly my password doesn't work any more!  Then I have to figure 
out which system it failed over to.  OF course there are ways around this, 
including keeping the password the same on all cluster members.

hermit921


At 07:06 PM 2/26/2005, Russell Fulton wrote:
>I really like Dave Dittrich's idea for making that one password that you
>use on many systems safer by adding something predictable (to you) to
>your standard password or phrase.  I will be slightly changing quite a
>few passwords on on Monday!   It is such a simple idea that I am
>surprised that it isn't better known.  Thanks Dave!
>
>I have often used slight variations on an single password before but the
>idea of systematically tying the variation to something in the host name
>(of some other attribute of the machine) had not occurred to me.





More information about the unisog mailing list