%!PS-Adobe-1.0
%%Creator: is.sei.cmu.edu:dvk (Daniel Klein)
%%Title: stdin
%%CreationDate: Fri Feb 22 13:21:40 1991
%%DocumentFonts: Times-Roman Times-Italic Times-Bold Symbol Times-Roman DIThacks
%%Pages: (atend)
%%EndComments
% Start of pscat.pro -- prolog for troff translator
% Copyright (c) 1985,1987 Adobe Systems Incorporated. All Rights Reserved. 
% GOVERNMENT END USERS: See Notice file in TranScript library directory
% -- probably /usr/lib/ps/Notice
% RCS: $Header: pscat.pro,v 2.2 87/11/17 16:40:32 byron Rel $
save /pscatsave exch def
/$pscat 50 dict def
$pscat begin
/fm [1 0 0 1 0 0] def
/xo 0 def /yo 0 def
/M /moveto load def
/R /show load def
/S {exch currentpoint exch pop moveto show}def
/T {exch currentpoint pop exch moveto show}def
/U {3 1 roll moveto show}def
/siz 0 def
/font 0 def
/Z {/siz exch def SF}def
/F {/font exch def SF}def
/SF{font 0 ne
    {catfonts font 1 sub get fm 0 siz put fm 3 siz neg put 
     fm makefont setfont}if}def
/BP{save/catsv exch def 0 792 translate 72 432 div dup neg scale 
  xo yo translate 0 0 moveto}def
/EP{catsv restore showpage}def
% definitions for PPROC callback functions
% each PPROC is called with the following number on the stack:
% pointsize charcode railmag pswidth pschar x y wid
/$pprocs 50 dict def
/fractm [.65 0 0 .6 0 0] def
% fractions
/PS1{gsave $pprocs begin
    /wid exch def pop pop pop pop pop /ch exch def /size exch def
    /pair $pprocs ch get def /cf currentfont def
    cf fractm makefont setfont
    0 .3 size mul 6 mul 2 copy neg rmoveto pair 0 get show rmoveto
    currentfont cf setfont (\244) show setfont
    pair 1 get show grestore wid .06 div 0 rmoveto end}def
$pprocs begin
8#34 [(1)(4)] def
8#36 [(1)(2)] def
8#46 [(3)(4)] def
end
% DIThacks fonts for some special chars
50 dict dup begin
/FontType 3 def
/FontName /DIThacks def
/FontMatrix [.001 0.0 0.0 .001 0.0 0.0] def
/FontBBox [-220 -280 900 900] def% a lie but ...
/Encoding 256 array def
0 1 255{Encoding exch /.notdef put}for
Encoding
 dup 8#040/space put %space
 dup 8#110/rc put %right ceil
 dup 8#111/lt put %left  top curl
 dup 8#112/bv put %bold vert
 dup 8#113/lk put %left  mid curl
 dup 8#114/lb put %left  bot curl
 dup 8#115/rt put %right top curl
 dup 8#116/rk put %right mid curl
 dup 8#117/rb put %right bot curl
 dup 8#120/rf put %right floor
 dup 8#121/lf put %left  floor
 dup 8#122/lc put %left  ceil
 dup 8#140/sq put %square
 dup 8#141/bx put %box
 dup 8#142/ci put %circle
 dup 8#143/br put %box rule
 dup 8#144/rn put %root extender
 dup 8#145/vr put %vertical rule
 dup 8#146/ob put %outline bullet
 dup 8#147/bu put %bullet
 dup 8#150/ru put %rule
 dup 8#151/ul put %underline
 pop
/DITfd 100 dict def
/BuildChar{0 begin
 /cc exch def /fd exch def
 /charname fd /Encoding get cc get def
 /charwid fd /Metrics get charname get def
 /charproc fd /CharProcs get charname get def
 charwid 0 fd /FontBBox get aload pop setcachedevice
 40 setlinewidth
 newpath 0 0 moveto gsave charproc grestore
 end}def
/BuildChar load 0 DITfd put
%/UniqueID 5 def
/CharProcs 50 dict def
CharProcs begin
/space{}def
/.notdef{}def
/ru{500 0 rls}def
/rn{0 750 moveto 500 0 rls}def
/vr{20 800 moveto 0 -770 rls}def
/bv{20 800 moveto 0 -1000 rls}def
/br{20 770 moveto 0 -1040 rls}def
/ul{0 -250 moveto 500 0 rls}def
/ob{200 250 rmoveto currentpoint newpath 200 0 360 arc closepath stroke}def
/bu{200 250 rmoveto currentpoint newpath 200 0 360 arc closepath fill}def
/sq{80 0 rmoveto currentpoint dround newpath moveto
    640 0 rlineto 0 640 rlineto -640 0 rlineto closepath stroke}def
/bx{80 0 rmoveto currentpoint dround newpath moveto
    640 0 rlineto 0 640 rlineto -640 0 rlineto closepath fill}def
/ci{355 333 rmoveto currentpoint newpath 333 0 360 arc
    50 setlinewidth stroke}def
/lt{20 -200 moveto 0 550 rlineto currx 800 2cx s4 add exch s4 a4p stroke}def
/lb{20 800 moveto 0 -550 rlineto currx -200 2cx s4 add exch s4 a4p stroke}def
/rt{20 -200 moveto 0 550 rlineto currx 800 2cx s4 sub exch s4 a4p stroke}def
/rb{20 800 moveto 0 -500 rlineto currx -200 2cx s4 sub exch s4 a4p stroke}def
/lk{20 800 moveto 20 300 -280 300 s4 arcto pop pop 1000 sub
    currentpoint stroke moveto
    20 300 4 2 roll s4 a4p 20 -200 lineto stroke}def
/rk{20 800 moveto 20 300 320 300 s4 arcto pop pop 1000 sub
    currentpoint stroke moveto
    20 300 4 2 roll s4 a4p 20 -200 lineto stroke}def
/lf{20 800 moveto 0 -1000 rlineto s4 0 rls}def
/rf{20 800 moveto 0 -1000 rlineto s4 neg 0 rls}def
/lc{20 -200 moveto 0 1000 rlineto s4 0 rls}def
/rc{20 -200 moveto 0 1000 rlineto s4 neg 0 rls}def
end
/Metrics 50 dict def Metrics begin
/.notdef 0 def
/space 500 def
/ru 500 def
/br 0 def
/lt 250 def
/lb 250 def
/rt 250 def
/rb 250 def
/lk 250 def
/rk 250 def
/rc 250 def
/lc 250 def
/rf 250 def
/lf 250 def
/bv 250 def
/ob 350 def
/bu 350 def
/ci 750 def
/bx 750 def
/sq 750 def
/rn 500 def
/ul 500 def
/vr 0 def
end
DITfd begin
/s2 500 def /s4 250 def /s3 333 def
/a4p{arcto pop pop pop pop}def
/2cx{2 copy exch}def
/rls{rlineto stroke}def
/currx{currentpoint pop}def
/dround{transform round exch round exch itransform} def
end
end
/DIThacks exch definefont pop
/catfonts [
	/Times-Roman findfont
	/Times-Italic findfont
	/Times-Bold findfont
	/Symbol findfont
	/Times-Roman findfont
	/DIThacks findfont
	] def
%%EndProlog
%%Page: ? 1
BP
3 F
72 Z
1360 672(``Foiling)U
1648(the)S
1768(Cracker'':)S
2531 762(y)U
859(A)S
935(Survey)S
1175(of,)S
1277(and)S
1417(Improvements)S
1889(to,)S
1991(Password)S
2311(Securit)S
60 Z
2567 726(\262)U
1 F
1353 1014(S)U
2 F
1534 906(Daniel)U
1718(V.)S
1790(Klein)S
1 F
1386 1014(oftware)U
1590(Engineering)S
1905(Institute)S
1385 1086(Carnegie)U
1623(Mellon)S
1817(University)S
1454 1158(Pittsburgh,)U
1736(PA)S
1852(15217)S
1511 1230(dvk)U
5 F
(@)R
1 F
(sei.cmu.edu)R
1516 1302(+1)U
1599(412)S
1709(268)S
1819(7791)S
798 1662(W)U
2 F
1586 1518(ABSTRACT)U
1 F
855 1662(ith)U
946(the)S
1047(rapid)S
1198(burgeoning)S
1499(of)S
1576(national)S
1798(and)S
1911(internati)S
2113(onal)S
2243(networks,)S
2504(the)S
2604(question)S
2781 1734(e)U
648 1806(c)U
648 1734(of)U
721(system)S
911(security)S
1125(has)S
1228(become)S
1439(one)S
1548(of)S
1620(growing)S
1842(importance)S
2114(.)S
2171(High)S
2313(speed)S
2472(inter-mac)S
2704(hin)S
675 1806(ommunicat)U
947(ion)S
1046(and)S
1155(even)S
1291(higher)S
1466(speed)S
1624(computati)S
1866(onal)S
1991(processors)S
2265(have)S
2400(made)S
2552(the)S
2647(threats)S
648 1950(o)U
648 1878(of)U
721(system)S
911(``crackers,'')S
1230(data)S
1354(theft,)S
1503(data)S
1627(corruption)S
1901(very)S
2031(real.)S
2180(This)S
2310(paper)S
2467(outlines)S
2681(some)S
678 1950(f)U
719(the)S
814(problems)S
1059(of)S
1130(current)S
1322(password)S
1569(security)S
1781(by)S
1862(demonstrating)S
2228(the)S
2323(ease)S
2447(by)S
2527(which)S
2694(indi-)S
648 2094(\256)U
648 2022(vidual)U
820(accounts)S
1052(may)S
1176(be)S
1253(broken.)S
1475(Various)S
1685(techniques)S
1963(used)S
2093(by)S
2173(crackers)S
2394(are)S
2488(outlined,)S
2721(and)S
681 2094(nally)U
823(one)S
931(solution)S
1146(to)S
1214(this)S
1322(point)S
1466(of)S
1536(system)S
1723(vulnerabili)S
1985(ty,)S
2067(a)S
2114(proactive)S
2359(password)S
2605(checker,)S
648 2166(is)U
708(proposed.)S
3 F
810 2382(n)U
1 F
432 2475(T)U
3 F
432 2382(1.)U
517(Introductio)S
1 F
469 2475(he)U
556(security)S
777(of)S
856(accounts)S
1096(and)S
1212(passwords)S
1490(has)S
1599(always)S
1795(been)S
1938(a)S
1994(concern)S
2214(for)S
2313(the)S
2416(developers)S
2706(and)S
2822(users)S
2974(of)S
432 2619(c)U
432 2547(Unix.)U
617(When)S
791(Unix)S
941(was)S
1064(younger,)S
1306(the)S
1410(password)S
1666(encryption)S
1953(algorithm)S
2217(was)S
2339(a)S
2395(simulation)S
2679(of)S
2758(the)S
2861(M-209)S
459 2619(ipher)U
606(machine)S
834(used)S
967(by)S
1050(the)S
1147(U.S.)S
1276(Army)S
1439(during)S
1619(World)S
1796(War)S
1923(II)S
1983([Morris1979].)S
2364(This)S
2494(was)S
2610(a)S
2660(fair)S
2766(encryption)S
3001 2691(s)U
432 2763(t)U
432 2691(mechanism)U
732(in)S
803(that)S
918(it)S
976(was)S
1093(dif\256cult)S
1308(to)S
1379(invert)S
1544(under)S
1705(the)S
1803(proper)S
1984(circumstanc)S
2276(es,)S
2365(but)S
2466(suffered)S
2687(in)S
2758(that)S
2873(it)S
2931(wa)S
449 2763(oo)U
530(fast)S
638(an)S
716(algorithm.)S
1007(On)S
1101(a)S
1149(PDP-11/70,)S
1451(each)S
1583(encryption)S
1862(took)S
1990(approximate)S
2292(ly)S
2360(1.25ms,)S
2570(so)S
2643(that)S
2754(it)S
2808(was)S
2921(pos-)S
3004 2835(r)U
432 2907(c)U
432 2835(sible)U
574(to)S
649(check)S
818(roughly)S
1033(800)S
1151(passwords/second.)S
1647(Armed)S
1842(with)S
1977(a)S
2032(dictionary)S
2305(of)S
2382(250,000)S
2604(words,)S
2792(a)S
2846(cracke)S
459 2907(ould)U
595(compare)S
832(their)S
972(encryptions)S
1282(with)S
1418(those)S
1574(all)S
1664(stored)S
1840(in)S
1916(the)S
2019(password)S
2274(\256le)S
2380(in)S
2455(a)S
2510(little)S
2650(more)S
2802(than)S
2934(\256ve)S
432 3072(I)U
432 2979(minutes.)U
678(Clearly,)S
891(this)S
998(was)S
1111(a)S
1158(security)S
1369(hole)S
1493(worth)S
1653(\256lling.)S
452 3072(n)U
510(later)S
646(\(post-1976\))S
954(versions)S
1182(of)S
1260(Unix,)S
1423(the)S
1525(DES)S
1666(algorithm)S
1921([DES1975])S
2221(was)S
2341(used)S
2478(to)S
2552(encrypt)S
2760(passwords.)S
432 3216(r)U
432 3144(The)U
547(user's)S
711(password)S
958(is)S
1019(used)S
1150(as)S
1220(the)S
1314(DES)S
1447(key,)S
1569(and)S
1676(the)S
1770(algorithm)S
2025(is)S
2085(used)S
2215(to)S
2282(encrypt)S
2483(a)S
2530(constant.)S
2786(The)S
2900(algo-)S
452 3216(ithm)U
587(is)S
651(iterate)S
803(d)S
857(25)S
941(times,)S
1111(with)S
1242(the)S
1340(result)S
1498(being)S
1656(an)S
1737(11)S
1821(charact)S
1996(er)S
2067(string)S
2227(plus)S
2350(a)S
2400(2-charact)S
2625(er)S
2695(``salt.'')S
2917(This)S
432 3360(p)U
432 3288(method)U
640(is)S
727(similarly)S
969(dif\256cult)S
1187(to)S
1261(decrypt)S
1469(\(further)S
1680(complica)S
1902(ted)S
2003(through)S
2217(the)S
2318(introduction)S
2639(of)S
2715(one)S
2828(of)S
2904(4096)S
462 3360(ossible)U
654(salt)S
763(values\))S
962(and)S
1074(had)S
1186(the)S
1285(added)S
1454(advantage)S
1724(of)S
1798(being)S
1956(slow.)S
2128(On)S
2225(a)S
4 F
2276(m)S
1 F
(VAX-II)R
2524(\(a)S
2595(machine)S
2824(substan-)S
432 3504(c)U
432 3432(tially)U
582(faster)S
741(than)S
870(a)S
922(PDP-11/70\),)S
1248(a)S
1300(single)S
1469(encryption)S
1752(takes)S
1901(on)S
1986(the)S
2085(order)S
2236(of)S
2310(280ms,)S
2509(so)S
2586(that)S
2701(a)S
2752(determine)S
2994(d)S
459 3504(racker)U
642(can)S
758(only)S
897(check)S
1070(approximate)S
1372(ly)S
1451(3.6)S
1558(encryptions)S
1871(a)S
1930(second.)S
2163(Checking)S
2425(this)S
2543(same)S
2698(dictionary)S
2974(of)S
432 3648(t)U
432 3576(250,000)U
650(words)S
819(would)S
992(now)S
1118(take)S
1242(over)S
1372(19)S
2 F
1455(hours)S
1 F
1614(of)S
1687(CPU)S
1826(time.)S
1992(Although)S
2242(this)S
2352(is)S
2415(still)S
2529(not)S
2629(very)S
2759(much)S
2916(time)S
449 3648(o)U
501(break)S
657(a)S
706(single)S
872(account,)S
1097(there)S
1240(is)S
1302(no)S
1384(guarantee)S
1641(that)S
1754(this)S
1863(account)S
2073(will)S
2189(use)S
2291(one)S
2399(of)S
2470(these)S
2615(words)S
2782(as)S
2853(a)S
2901(pass-)S
432 3792(\()U
432 3720(word.)U
619(Checking)S
879(the)S
982(passwords)S
1260(on)S
1349(a)S
1405(system)S
1601(with)S
1737(50)S
1826(accounts)S
2066(would)S
2245(take)S
2375(on)S
2464(average)S
2681(40)S
2770(CPU)S
2 F
2914(days)S
1 F
452 3792(since)U
609(the)S
716(random)S
933(selection)S
1180(of)S
1262(salt)S
1378(values)S
1564(practica)S
1756(lly)S
1852(guarantee)S
2087(s)S
2142(that)S
2265(each)S
2408(user's)S
2583(password)S
2841(will)S
2967(be)S
3004 3864(-)U
432 3936(b)U
432 3864(encrypted)U
697(with)S
831(a)S
885(different)S
1119(salt\),)S
1264(with)S
1397(no)S
1483(guarantee)S
1744(of)S
1820(success.)S
2061(If)S
2127(this)S
2240(new,)S
2381(slow)S
2520(algorithm)S
2781(was)S
2900(com)S
462 3936(ined)U
600(with)S
741(the)S
849(user)S
983(education)S
1252(needed)S
1457(to)S
1538(prevent)S
1753(the)S
1861(selection)S
2110(of)S
2194(obvious)S
2418(passwords,)S
2716(the)S
2823(problem)S
6 F
48 Z
432 4113(h)U
1 F
60 Z
432 4008(seemed)U
633(solved.)S
6 F
48 Z
456 4113(hhhhhhhhhhhhhhhhh)U
1 F
492 4182(\262)U
540(This)S
641(work)S
756(was)S
847(sponsored)S
1058(in)S
1111(part)S
1201(by)S
1265(the)S
1339(U.S.)S
1441(Department)S
1682(of)S
1738(Defense.)S
EP
%%Page: ? 2
BP
1 F
60 Z
432 438(R)U
1673 222(-)U
1713(2)S
1763(-)S
472 438(egrettabl)U
684(y,)S
757(two)S
875(recent)S
1051(development)S
1363(s)S
1414(and)S
1528(the)S
1629(recurrence)S
1911(of)S
1988(an)S
2072(old)S
2176(one)S
2290(have)S
2431(brought)S
2645(the)S
2746(problem)S
2974(of)S
432 510(password)U
678(security)S
889(back)S
1023(to)S
1090(the)S
1184(fore.)S
582 603(1\))U
732(CPU)S
871(speeds)S
1054(have)S
1191(gotten)S
1365(increasingly)S
1683(faster)S
1840(since)S
1986(1976,)S
2143(so)S
2218(much)S
2374(so)S
2449(that)S
2562(processors)S
2837(that)S
2950(are)S
2997 675(e)U
732 747(r)U
732 675(25-40)U
894(times)S
1047(faster)S
1203(than)S
1329(the)S
1425(PDP-11/70)S
1713(\(e.g.,)S
1857(the)S
1953(DECstation)S
2256(3100)S
2398(used)S
2530(in)S
2599(this)S
2708(research\))S
2950(ar)S
752 747(eadily)U
921(availabl)S
1113(e)S
1161(as)S
1232(desktop)S
1440(workstations.)S
1803(With)S
1945(inter-networking,)S
2386(many)S
2541(sites)S
2669(have)S
2804(hundreds)S
732 891(t)U
732 819(of)U
805(the)S
902(individual)S
1170(workstations)S
1500(connecte)S
1715(d)S
1768(together,)S
2004(and)S
2114(enterprising)S
2424(crackers)S
2647(are)S
2743(discovering)S
749 891(hat)U
845(the)S
941(``divide)S
1154(and)S
1263(conquer'')S
1519(algorithm)S
1776(can)S
1882(be)S
1961(extended)S
2201(to)S
2270(multiple)S
2493(processors,)S
2782(especial)S
2977(ly)S
3001 963(s)U
732 1035(t)U
732 963(at)U
801(night)S
950(when)S
1105(those)S
1257(processors)S
1535(are)S
1634(not)S
1736(otherwise)S
1995(being)S
2153(used.)S
2322(Literal)S
2484(ly)S
2555(thousands)S
2819(of)S
2893(time)S
749 1035(he)U
826(computati)S
1068(onal)S
1192(power)S
1362(of)S
1432(10)S
1512(years)S
1659(ago)S
1766(can)S
1870(be)S
1947(used)S
2077(to)S
2144(break)S
2298(passwords.)S
2997 1128(e)U
582(2\))S
732(New)S
874(impleme)S
1086(ntations)S
1305(of)S
1383(the)S
1485(DES)S
1626(encryption)S
1912(algorithm)S
2175(have)S
2317(been)S
2459(developed,)S
2750(so)S
2831(that)S
2950(th)S
732 1200(time)U
864(it)S
922(takes)S
1070(to)S
1140(encrypt)S
1344(a)S
1394(password)S
1643(and)S
1753(compare)S
1984(the)S
2081(encryption)S
2362(against)S
2556(the)S
2653(value)S
2807(stored)S
2977(in)S
3004 1272(-)U
732 1344(g)U
732 1272(the)U
827(password)S
1074(\256le)S
1172(has)S
1273(dropped)S
1491(below)S
1659(the)S
1754(1ms)S
1875(mark)S
2019([Bishop1988,)S
2354(Feldmeier1989].)S
2794(On)S
2887(a)S
2934(sin)S
762 1344(le)U
832(workstation,)S
1157(the)S
1257(dictionary)S
1528(of)S
1604(250,000)S
1825(words)S
1997(can)S
2107(once)S
2247(again)S
2404(be)S
2487(cracked)S
2700(in)S
2772(under)S
2934(\256ve)S
3007 1416(t)U
732 1488(t)U
732 1416(minutes.)U
985(By)S
1081(dividing)S
1308(the)S
1408(work)S
1557(across)S
1733(multiple)S
1961(workstations,)S
2309(the)S
2409(time)S
2543(required)S
2770(to)S
2843(encryp)S
749 1488(hese)U
886(words)S
1062(against)S
1263(all)S
1354(4096)S
1504(salt)S
1618(values)S
1802(could)S
1965(be)S
2051(no)S
2140(more)S
2293(than)S
2426(an)S
2512(hour)S
2651(or)S
2730(so.)S
2847(With)S
2997(a)S
732 1632(e)U
732 1560(recently)U
965(described)S
1234(hardware)S
1496(impleme)S
1708(ntation)S
1914(of)S
2002(the)S
2113(DES)S
2263(algorithm,)S
2550(the)S
2661(time)S
2806(for)S
2913(each)S
759 1632(ncryption)U
1014(can)S
1122(be)S
1203(reduced)S
1418(to)S
1489(approximate)S
1791(ly)S
1862(6)S
4 F
1916(m)S
1 F
(s)R
1994([Leong1991].)S
2367(This)S
2498(means)S
2676(that)S
2790(this)S
2900(same)S
582 1797(3)U
732 1704(dictionary)U
997(can)S
1101(be)S
1178(be)S
1255(cracked)S
1463(in)S
1530(only)S
1657(1.5)S
1752(seconds.)S
612 1797(\))U
732(Users)S
889(are)S
984(rarely,)S
1161(if)S
1219(ever,)S
1359(educate)S
1544(d)S
1595(as)S
1666(to)S
1734(what)S
1872(are)S
1966(wise)S
2096(choices)S
2297(for)S
2387(passwords.)S
2691(If)S
2751(a)S
2798(password)S
3007 1869(t)U
732 1941(c)U
732 1869(is)U
802(in)S
879(a)S
936(dictionary,)S
1225(it)S
1288(is)S
1357(extremel)S
1569(y)S
1628(vulnerable)S
1912(to)S
1988(being)S
2151(cracked,)S
2383(and)S
2499(users)S
2651(are)S
2754(simply)S
2947(no)S
759 1941(oached)U
957(as)S
1034(to)S
1108(``safe'')S
1312(choices)S
1520(for)S
1617(passwords.)S
1928(Of)S
2018(those)S
2172(users)S
2322(who)S
2452(are)S
2553(so)S
2633(educate)S
2818(d,)S
2890(many)S
3009 2013(.)U
732 2085(M)U
732 2013(think)U
879(that)S
993(simply)S
1180(because)S
1394(their)S
1528(password)S
1777(is)S
1840(not)S
1940(in)S
2010(/)S
2 F
(usr)R
1 F
(/)R
2 F
(dict)R
1 F
(/)R
2 F
(words)R
1 F
(,)R
2411(it)S
2467(is)S
2529(safe)S
2648(from)S
2787(detecti)S
2949(on)S
785 2085(any)U
899(users)S
1049(also)S
1173(say)S
1279(that)S
1396(because)S
1613(they)S
1743(do)S
1829(not)S
1932(have)S
2072(any)S
2185(private)S
2379(\256les)S
2505(on-line,)S
2717(they)S
2847(are)S
2947(not)S
3007 2157(t)U
732 2229(t)U
732 2157(concerned)U
1001(with)S
1129(the)S
1224(security)S
1436(of)S
1507(their)S
1639(account,)S
1863(little)S
1996(realizi)S
2148(ng)S
2229(that)S
2341(by)S
2422(providing)S
2677(an)S
2755(entry)S
2900(poin)S
749 2229(o)U
811(the)S
917(system)S
1116(they)S
1252(allow)S
1418(damage)S
1638(to)S
1717(be)S
1806(wrought)S
2038(on)S
2130(their)S
2273(entire)S
2442(system)S
2640(by)S
2731(a)S
2789(malici)S
2941(ous)S
432 2394(B)U
732 2301(cracker.)U
472 2394(ecause)U
658(the)S
757(entirety)S
967(of)S
1042(the)S
1141(password)S
1392(\256le)S
1494(is)S
1559(readable)S
1788(by)S
1872(all)S
1957(users,)S
2119(the)S
2217(encrypted)S
2479(passwords)S
2752(are)S
2850(vulner-)S
432 2538(s)U
432 2466(able)U
561(to)S
636(cracking,)S
887(both)S
1022(on-site)S
1214(and)S
1329(off-site.)S
1566(Many)S
1734(sites)S
1869(have)S
2011(responded)S
2286(to)S
2361(this)S
2476(threat)S
2642(with)S
2777(a)S
2832(reactive)S
455 2538(olution)U
650(\261)S
704(they)S
832(scan)S
963(their)S
1098(own)S
1225(password)S
1475(\256les)S
1598(and)S
1708(advise)S
1885(those)S
2035(users)S
2181(whose)S
2357(passwords)S
2629(they)S
2756(are)S
2853(able)S
2977(to)S
2997 2610(e)U
432 2682(i)U
432 2610(crack.)U
619(The)S
733(problem)S
954(with)S
1081(this)S
1188(solution)S
1402(is)S
1462(that)S
1573(while)S
1727(the)S
1821(local)S
1959(site)S
2063(is)S
2123(testing)S
2304(its)S
2381(security,)S
2607(the)S
2701(password)S
2947(\256l)S
449 2682(s)U
493(still)S
605(vulnerable)S
881(from)S
1019(the)S
1114(outside.)S
1343(The)S
1457(other)S
1601(problems,)S
1860(of)S
1930(course,)S
2122(are)S
2216(that)S
2327(the)S
2421(testing)S
2602(is)S
2662(very)S
2789(time)S
2917(con-)S
3004 2754(-)U
432 2826(w)U
432 2754(suming)U
634(and)S
746(only)S
878(reports)S
1070(on)S
1155(those)S
1307(passwords)S
1581(it)S
1640(is)S
1705(able)S
1831(to)S
1903(crack.)S
2094(It)S
2156(does)S
2291(nothing)S
2500(to)S
2572(address)S
2777(user)S
2901(pass)S
475 2826(ords)U
599(which)S
767(fall)S
869(outside)S
1064(of)S
1135(the)S
1230(speci\256c)S
1435(test)S
1540(cases)S
1688(\(e.g.,)S
1831(it)S
1886(is)S
1946(possible)S
2163(for)S
2253(a)S
2300(user)S
2420(to)S
2487(use)S
2587(as)S
2657(a)S
2704(password)S
2950(the)S
3007 2898(t)U
432 2970(t)U
432 2898(letters)U
602(``qwerty'')S
871(\261)S
923(if)S
982(this)S
1091(combinati)S
1333(on)S
1415(is)S
1477(not)S
1576(in)S
1645(the)S
1741(in-house)S
1970(test)S
2076(dictionary,)S
2358(it)S
2414(will)S
2530(not)S
2629(be)S
2708(detecte)S
2880(d,)S
2947(bu)S
449 2970(here)U
573(is)S
633(nothing)S
837(to)S
904(stop)S
1024(an)S
1101(outside)S
1295(cracker)S
1493(from)S
1630(having)S
1814(a)S
1861(more)S
2005(sophisticated)S
2340(dictionary!\).)S
3004 3063(-)U
432 3135(w)U
432 3063(Clearly,)U
651(one)S
764(solution)S
984(to)S
1057(this)S
1169(is)S
1234(to)S
1306(either)S
1469(make)S
1625(/)S
2 F
(etc)R
1 F
(/)R
2 F
(passwd)R
1 F
1931(unreadable)S
2196(,)S
2236(or)S
2311(to)S
2383(make)S
2539(the)S
2638(encrypted)S
2901(pass)S
475 3135(ord)U
578(portion)S
775(of)S
848(the)S
945(\256le)S
1045(unreadable)S
1310(.)S
1368(Splitting)S
1599(the)S
1696(\256le)S
1796(into)S
1913(two)S
2026(pieces)S
2200(\261)S
2253(a)S
2303(readable)S
2531(/)S
2 F
(etc)R
1 F
(/)R
2 F
(passwd)R
1 F
2834(with)S
2963(all)S
432 3279(s)U
432 3207(but)U
532(the)S
629(encrypted)S
890(password)S
1139(present,)S
1351(and)S
1461(a)S
1511(``shadow)S
1757(password'')S
2046(\256le)S
2146(that)S
2259(is)S
2321(only)S
2450(readable)S
2677(by)S
3 F
2759(root)S
1 F
2888(is)S
2950(the)S
455 3279(olution)U
653(proposed)S
900(by)S
987(Sun)S
1107(Microsystems)S
1471(\(and)S
1605(others\))S
1799(that)S
1917(appears)S
2127(to)S
2200(be)S
2283(gaining)S
2490(popularity.)S
2799(It)S
2862(seems,)S
3009 3351(,)U
432 3423(i)U
432 3351(however,)U
678(that)S
793(this)S
904(solution)S
1122(will)S
1240(not)S
1341(reach)S
1496(the)S
1593(majority)S
1821(of)S
1894(non-Sun)S
2120(systems)S
2333(for)S
2426(quite)S
2570(a)S
2620(while,)S
2792(nor)S
2895(even)S
449 3423(n)U
499(fact,)S
625(many)S
779(Sun)S
892(systems,)S
1117(due)S
1224(to)S
1291(many)S
1445(sites')S
1592(reluctanc)S
1814(e)S
1861(to)S
1928(install)S
2096(new)S
2216(releases)S
2427(of)S
2497(software.)S
42 Z
2719 3402(\262)U
60 Z
3001 3516(s)U
432 3588(t)U
432 3516(What)U
588(I)S
633(propose,)S
863(therefore,)S
1121(is)S
1185(a)S
1236(publicly)S
1458(availabl)S
1650(e)S
2 F
1701(proactive)S
1 F
1953(password)S
2203(checker,)S
2430(which)S
2601(will)S
2719(enable)S
2901(user)S
449 3588(o)U
501(change)S
694(their)S
827(passwords,)S
1113(and)S
1222(to)S
1291(check)S
2 F
1454(a)S
1506(priori)S
1 F
1668(whether)S
1884(the)S
1980(new)S
2102(password)S
2350(is)S
2412(``safe.'')S
2646(The)S
2761(criteria)S
2954(for)S
3009 3660(,)U
432 3732(i)U
432 3660(safety)U
598(should)S
780(be)S
859(tunable)S
1059(on)S
1141(a)S
1190(per-site)S
1393(basis,)S
1550(depending)S
1823(on)S
1905(the)S
2001(degree)S
2184(of)S
2256(security)S
2469(desired.)S
2700(For)S
2804(example)S
449 3732(t)U
492(should)S
678(be)S
761(possible)S
984(to)S
1057(specify)S
1257(a)S
1310(minimum)S
1571(length)S
1748(password,)S
2015(a)S
2067(restriction)S
2337(that)S
2453(only)S
2585(lower)S
2747(case)S
2876(letters)S
3001 3804(s)U
432 3876(p)U
432 3804(are)U
535(not)S
641(allowed,)S
876(that)S
996(a)S
1052(password)S
1307(that)S
1427(looks)S
1586(like)S
1706(a)S
1762(license)S
1959(plate)S
2106(be)S
2192(illegal)S
2344(,)S
2388(and)S
2504(so)S
2585(on.)S
2708(Because)S
2937(thi)S
462 3876(roactive)U
681(checker)S
892(will)S
1009(deal)S
1133(with)S
1263(the)S
1360(pre-encrypte)S
1665(d)S
1718(passwords,)S
2005(it)S
2062(will)S
2179(be)S
2259(able)S
2383(to)S
2453(perform)S
2670(more)S
2817(sophisti-)S
6 F
48 Z
432 4008(h)U
1 F
60 Z
432 3948(cated)U
581(pattern)S
770(matching)S
1016(on)S
1097(the)S
1192(password,)S
1454(and)S
1561(will)S
1675(be)S
1752(able)S
1873(to)S
1940(test)S
2044(the)S
2138(safety)S
2302(without)S
2506(having)S
2690(to)S
2757(go)S
2837(through)S
6 F
48 Z
456 4008(hhhhhhhhhhhhhhhhh)U
1 F
492 4077(\262)U
540(The)S
633(problem)S
811(of)S
870(lack)S
968(of)S
1027(password)S
1228(security)S
1398(is)S
1449(not)S
1529(just)S
1617(endemic)S
1797(to)S
1853(Unix.)S
1995(A)S
2048(recent)S
2182(Vax/VMS)S
2398(worm)S
2528(had)S
2615(great)S
2728(suc-)S
2792 4137(-)U
432 4197(d)U
432 4137(cess)U
529(by)S
594(simply)S
741(trying)S
872(the)S
947(username)S
1147(as)S
1204(the)S
1279(password.)S
1506(Even)S
1621(though)S
1770(the)S
1844(VMS)S
1965(user)S
2061(authorizati)S
2264(on)S
2328(\256le)S
2405(is)S
2453(inaccessible)S
2699(to)S
2752(or)S
456 4197(inary)U
570(users,)S
697(the)S
771(cracker)S
927(simply)S
1073(tried)S
1176(a)S
1213(number)S
1375(of)S
1431(``obvious'')S
1663(password)S
1861(choices)S
2020(\261)S
2060(and)S
2145(easily)S
2272(gained)S
2415(access.)S
EP
%%Page: ? 3
BP
1 F
60 Z
432 438(t)U
1673 222(-)U
1713(3)S
1763(-)S
449 438(he)U
528(effort)S
684(of)S
756(cracking)S
986(the)S
1082(encrypted)S
1342(version.)S
1576(Because)S
1798(the)S
1893(checking)S
2132(will)S
2247(be)S
2325(done)S
2463(automati)S
2675(cally,)S
2829(the)S
2924(pro-)S
432 582(o)U
432 510(cess)U
553(of)S
624(education)S
880(can)S
985(be)S
1063(transferred)S
1345(to)S
1413(the)S
1508(machine,)S
1749(which)S
1917(will)S
2032(instruct)S
2234(the)S
2329(user)S
2 F
2450(why)S
1 F
2567(a)S
2614(particula)S
2826(r)S
2866(choice)S
462 582(f)U
502(password)S
748(is)S
808(bad.)S
3 F
1097 726(y)U
1 F
432 819(I)U
3 F
432 726(2.)U
517(Password)S
783(Vulnerabilit)S
1 F
452 819(t)U
491(has)S
593(long)S
722(been)S
858(known)S
1043(that)S
1156(all)S
1239(a)S
1287(cracker)S
1486(need)S
1621(do)S
1702(to)S
1770(acquire)S
1969(access)S
2144(to)S
2212(a)S
2260(Unix)S
2401(machine)S
2627(is)S
2688(to)S
2756(follow)S
2934(two)S
432 891(simple)U
613(steps,)S
768(namely:)S
582 984(1\))U
732(Acquire)S
949(a)S
999(copy)S
1139(of)S
1212(that)S
1326(site's)S
1476(/)S
2 F
(etc)R
1 F
(/)R
2 F
(passwd)R
1 F
1780(\256le,)S
1895(either)S
2055(through)S
2264(an)S
2343(unprotected)S
2 F
2650(uucp)S
1 F
2789(link,)S
2920(well)S
582 1149(2)U
732 1056(known)U
915(holes)S
1062(in)S
2 F
1129(sendmail)S
1 F
(,)R
1381(or)S
1451(via)S
2 F
1545(ftp)S
1 F
1629(or)S
2 F
1699(tftp)S
1 F
(.)R
612 1149(\))U
732(Apply)S
904(the)S
1000(standard)S
1226(\(or)S
1318(a)S
1366(sped-up\))S
1597(version)S
1795(of)S
1866(the)S
1961(password)S
2208(encryption)S
2487(algorithm)S
2743(to)S
2811(a)S
2859(collec-)S
3009 1221(,)U
732 1293(a)U
732 1221(tion)U
849(of)S
921(words,)S
1104(typicall)S
1286(y)S
1338(/)S
2 F
(usr)R
1 F
(/)R
2 F
(dict)R
1 F
(/)R
2 F
(words)R
1 F
1724(plus)S
1846(some)S
1995(permutati)S
2227(ons)S
2332(on)S
2414(account)S
2624(and)S
2733(user)S
2855(names)S
759 1293(nd)U
839(compare)S
1067(the)S
1161(encrypted)S
1419(results)S
1596(to)S
1663(those)S
1810(found)S
1970(in)S
2037(the)S
2131(purloined)S
2382(/)S
2 F
(etc)R
1 F
(/)R
2 F
(passwd)R
1 F
2683(\256le.)S
2994 1386(d)U
432 1458(m)U
432 1386(If)U
504(a)S
563(match)S
743(is)S
815(found)S
987(\(and)S
1126(often)S
1282(at)S
1357(least)S
1499(one)S
1617(will)S
1742(be)S
1830(found\),)S
2036(the)S
2141(cracker)S
2350(has)S
2461(access)S
2646(to)S
2724(the)S
2829(targete)S
479 1458(achine.)U
708(Certainly,)S
984(this)S
1107(mode)S
1277(of)S
1363(attack)S
1544(has)S
1660(been)S
1810(known)S
2009(for)S
2115(some)S
2278(time)S
2406([Spafford1988],)S
2827(and)S
2950(the)S
432 1602(a)U
432 1530(defenses)U
670(against)S
872(this)S
990(attack)S
1166(have)S
1311(also)S
1439(long)S
1577(been)S
1722(known.)S
1951(What)S
2113(is)S
2184(lacking)S
2393(from)S
2541(the)S
2646(literat)S
2788(ure)S
2896(is)S
2967(an)S
459 1602(ccounting)U
724(of)S
801(just)S
915(how)S
1045(vulnerable)S
1327(sites)S
1461(are)S
1562(to)S
1635(this)S
1748(mode)S
1908(of)S
1984(attack.)S
2190(In)S
2266(short,)S
2427(many)S
2587(people)S
2774(know)S
2933(that)S
432 1767(`)U
432 1674(there)U
573(is)S
633(a)S
680(problem,)S
916(but)S
1013(few)S
1123(people)S
1304(believe)S
1499(it)S
1553(applies)S
1744(to)S
1811(them.)S
452 1767(`There)U
634(is)S
695(a)S
743(\256ne)S
854(line)S
966(between)S
1188(helping)S
1390(administrat)S
1662(ors)S
1756(protect)S
1945(their)S
2077(systems)S
2288(and)S
2396(providing)S
2650(a)S
2697(cookbook)S
2954(for)S
432 1911(v)U
432 1839(bad)U
548(guys.'')S
736([Grampp1984])S
1122(The)S
1245(problem)S
1475(here,)S
1623(therefore,)S
1885(is)S
1954(how)S
2086(to)S
2162(divulge)S
2372(useful)S
2548(information)S
2862(on)S
2950(the)S
462 1911(ulnerabili)U
694(ty)S
767(of)S
843(systems,)S
1074(without)S
1284(providing)S
1543(too)S
1645(much)S
1804(information,)S
2129(since)S
2278(almost)S
2464(certainl)S
2646(y)S
2701(this)S
2813(informa-)S
3004 1983(I)U
432 2055(d)U
432 1983(tion)U
550(could)S
708(be)S
789(used)S
923(by)S
1007(a)S
1058(cracker)S
1260(to)S
1331(break)S
1489(into)S
1607(some)S
1758(as-yet)S
1925(unviolated)S
2203(system.)S
2428(Most)S
2574(of)S
2647(the)S
2744(work)S
2890(that)S
462 2055(id)U
533(was)S
650(of)S
724(a)S
775(general)S
977(nature)S
1151(\261)S
1204(I)S
1247(did)S
1347(not)S
1447(focus)S
1600(on)S
1683(a)S
1733(particula)S
1945(r)S
1988(user)S
2111(or)S
2184(a)S
2234(particula)S
2446(r)S
2489(system,)S
2694(and)S
2804(I)S
2847(did)S
2947(not)S
432 2199(w)U
432 2127(use)U
534(any)S
643(personal)S
869(information)S
1176(that)S
1289(might)S
1452(be)S
1531(at)S
1597(the)S
1693(disposal)S
1912(of)S
1983(a)S
2031(dedicate)S
2233(d)S
2284(``bad)S
2432(guy.'')S
2618(Thus)S
2759(any)S
2867(results)S
475 2199(hich)U
601(I)S
643(have)S
779(been)S
915(able)S
1038(to)S
1107(garner)S
1282(indicate)S
1495(only)S
1623(general)S
1822(trends)S
1990(in)S
2058(password)S
2305(usage,)S
2478(and)S
2586(cannot)S
2768(be)S
2846(used)S
2977(to)S
3007 2271(t)U
432 2343(a)U
432 2271(great)U
574(advantage)S
840(when)S
991(breaking)S
1223(into)S
1338(a)S
1386(particula)S
1598(r)S
1639(system.)S
1862(This)S
1990(generalit)S
2202(y)S
2253(notwithstanding,)S
2677(I)S
2718(am)S
2813(sure)S
2933(tha)S
459 2343(ny)U
540(self-respecti)S
835(ng)S
916(cracker)S
1115(would)S
1285(already)S
1483(have)S
1617(these)S
1761(techniques)S
2039(at)S
2103(their)S
2234(disposal,)S
2466(and)S
2573(so)S
2646(I)S
2686(am)S
2780(not)S
2877(bring-)S
432 2487(a)U
432 2415(ing)U
530(to)S
598(light)S
730(any)S
838(great)S
980(secret.)S
1177(Rather,)S
1374(I)S
1415(hope)S
1553(to)S
1621(provide)S
1826(a)S
1874(basis)S
2015(for)S
2106(protection)S
2372(for)S
2462(systems)S
2672(that)S
2783(can)S
2887(guard)S
459 2487(gainst)U
623(future)S
787(attempt)S
969(s)S
1012(at)S
1076(system)S
1263(invasion.)S
432 2724(I)U
3 F
432 2631(2.1.)U
562(The)S
682(Survey)S
882(and)S
998(Initial)S
1175(Results)S
1 F
452 2724(n)U
506(October)S
724(and)S
835(again)S
990(in)S
1061(December)S
1333(of)S
1407(1989,)S
1565(I)S
1608(asked)S
1768(a)S
1818(number)S
2025(of)S
2098(friends)S
2288(and)S
2398(acquainta)S
2630(nces)S
2760(around)S
2950(the)S
432 2868(m)U
432 2796(United)U
620(States)S
788(and)S
898(Great)S
1055(Britain)S
1246(to)S
1316(participa)S
1528(te)S
1595(in)S
1665(a)S
1715(survey.)S
1933(Essentially)S
2221(what)S
2361(I)S
2404(asked)S
2564(them)S
2708(to)S
2778(do)S
2861(was)S
2977(to)S
479 2868(ail)U
561(me)S
656(a)S
704(copy)S
842(of)S
913(their)S
1045(/)S
2 F
(etc)R
1 F
(/)R
2 F
(passwd)R
1 F
1347(\256le,)S
1460(and)S
1568(I)S
1609(would)S
1779(try)S
1866(to)S
1933(crack)S
2084(their)S
2215(passwords)S
2484(\(and)S
2611(as)S
2681(a)S
2728(side)S
2845(bene\256t,)S
432 3012(v)U
432 2940(I)U
473(would)S
644(send)S
775(them)S
917(a)S
965(report)S
1130(of)S
1201(the)S
1296(vulnerabili)S
1558(ty)S
1626(of)S
1696(their)S
1827(system,)S
2029(although)S
2260(at)S
2324(no)S
2404(time)S
2532(would)S
2702(I)S
2742(reveal)S
2910(indi-)S
462 3012(idual)U
606(passwords)S
878(nor)S
981(even)S
1118(of)S
1191(their)S
1325(sites)S
1455(participa)S
1667(tion)S
1784(in)S
1854(this)S
1964(study\).)S
2172(Not)S
2285(surprisingly,)S
2610(due)S
2719(to)S
2788(the)S
2884(sensi-)S
3007 3084(t)U
432 3156(w)U
432 3084(tive)U
546(nature)S
720(of)S
793(this)S
903(type)S
1030(of)S
1103(disclosure,)S
1385(I)S
1428(only)S
1558(receive)S
1733(d)S
1786(a)S
1836(small)S
1990(fraction)S
2201(of)S
2274(the)S
2371(replies)S
2555(I)S
2598(hoped)S
2767(to)S
2836(get,)S
2947(bu)S
475 3156(as)U
548(nonetheless)S
851(able)S
974(to)S
1043(acquire)S
1243(a)S
1292(database)S
1522(of)S
1594(nearly)S
1767(15,000)S
1954(account)S
2164(entries.)S
2382(This,)S
2526(I)S
2568(hoped,)S
2752(would)S
2924(pro-)S
432 3321(E)U
432 3228(vide)U
556(a)S
603(representat)S
868(ive)S
962(cross)S
1105(section)S
1296(of)S
1366(the)S
1460(passwords)S
1729(used)S
1859(by)S
1939(users)S
2082(in)S
2149(the)S
2243(community.)S
469 3321(ach)U
580(of)S
657(the)S
758(account)S
973(entries)S
1161(was)S
1281(tested)S
1449(by)S
1536(a)S
1589(number)S
1799(of)S
1875(intrusion)S
2115(strategies,)S
2384(which)S
2557(will)S
2677(be)S
2760(covered)S
2977(in)S
3001 3393(s)U
432 3465(n)U
432 3393(greater)U
622(detail)S
779(in)S
847(the)S
942(following)S
1197(section.)S
1424(The)S
1539(possible)S
1757(passwords)S
2027(that)S
2139(were)S
2277(tried)S
2409(were)S
2547(based)S
2705(on)S
2786(the)S
2881(user')S
462 3465(ame)U
588(or)S
663(account)S
876(number,)S
1100(taken)S
1255(from)S
1396(numerous)S
1657(dictionari)S
1889(es)S
1963(\(including)S
2235(some)S
2386(containing)S
2665(foreign)S
2863(words,)S
432 3609(o)U
432 3537(phrases,)U
650(patterns)S
864(of)S
937(keys)S
1070(on)S
1153(the)S
1250(keyboard,)S
1512(and)S
1622(enumerati)S
1864(ons\),)S
2005(and)S
2114(from)S
2253(permutati)S
2485(ons)S
2590(and)S
2699(combinati)S
2941(ons)S
462 3609(f)U
512(words)S
687(in)S
763(those)S
919(dictionari)S
1151(es.)S
1265(All)S
1371(in)S
1447(all,)S
1552(after)S
1692(nearly)S
1872(12)S
1961(CPU)S
2106(months)S
2312(of)S
2391(rather)S
2561(exhaustive)S
2848(testing,)S
432 3753(s)U
432 3681(approximate)U
734(ly)S
807(25%)S
943(of)S
1019(the)S
1119(passwords)S
1394(had)S
1507(been)S
1647(guessed.)S
1898(So)S
1987(that)S
2104(you)S
2220(do)S
2306(not)S
2409(develop)S
2626(a)S
2679(false)S
2819(sense)S
2974(of)S
455 3753(ecurity)U
647(too)S
748(early,)S
908(I)S
951(add)S
1061(that)S
1175(21%)S
1308(\(nearly)S
1502(3,000)S
1660(passwords\))S
1952(were)S
2092(guessed)S
2305(in)S
2375(the)S
2472(\256rst)S
2588(week,)S
2753(and)S
2863(that)S
2977(in)S
3001 3825(s)U
432 3897(s)U
432 3825(the)U
532(\256rst)S
651(15)S
737(minutes)S
954(of)S
1030(testing,)S
1232(368)S
1348(passwords)S
1623(\(or)S
1719(2.7%\))S
1890(had)S
2003(been)S
2143(cracked)S
2357(using)S
2513(what)S
2656(experienc)S
2891(e)S
2944(ha)S
455 3897(hown)U
614(would)S
790(be)S
873(the)S
973(most)S
1116(fruitful)S
1313(line)S
1430(of)S
1506(attack)S
1677(\(i.e.,)S
1812(using)S
1968(the)S
2068(user)S
2194(or)S
2270(account)S
2484(names)S
2664(as)S
2740(passwords\).)S
432 4041(/)U
432 3969(These)U
597(statistics)S
826(are)S
921(frightening,)S
1225(and)S
1333(well)S
1458(they)S
1583(should)S
1764(be.)S
1877(On)S
1971(an)S
2049(average)S
2258(system)S
2445(with)S
2572(50)S
2652(accounts)S
2883(in)S
2950(the)S
2 F
449 4041(etc)U
1 F
(/)R
2 F
(passwd)R
1 F
748(\256le,)S
875(one)S
996(could)S
1164(expect)S
1356(the)S
1464(\256rst)S
1591(account)S
1813(to)S
1894(be)S
1985(cracked)S
2207(in)S
2288(under)S
2459(2)S
2523(minutes,)S
2763(with)S
2904(5\26115)S
3009 4113(,)U
432 4185(a)U
432 4113(accounts)U
666(being)S
823(cracked)S
1033(by)S
1115(the)S
1211(end)S
1320(of)S
1392(the)S
1488(\256rst)S
1603(day.)S
1747(Even)S
1893(though)S
2082(the)S
3 F
2178(root)S
1 F
2307(account)S
2517(may)S
2643(not)S
2742(be)S
2821(cracked)S
459 4185(ll)U
519(it)S
579(takes)S
728(is)S
793(one)S
905(account)S
1118(being)S
1277(compromised)S
1630(for)S
1725(a)S
1777(cracker)S
1980(to)S
2052(establish)S
2288(a)S
2340(toehold)S
2546(in)S
2618(a)S
2670(system.)S
2897(Once)S
432 4257(that)U
556(is)S
629(done,)S
794(any)S
914(of)S
996(a)S
1055(number)S
1271(of)S
1353(other)S
1509(well-known)S
1828(security)S
2051(loopholes)S
2317(\(many)S
2503(of)S
2585(which)S
2764(have)S
2910(been)S
EP
%%Page: ? 4
BP
1 F
60 Z
1673 222(-)U
1713(4)S
1763(-)S
2707 438(.)U
432 531(I)U
432 438(published)U
686(on)S
766(the)S
860(network\))S
1097(can)S
1201(be)S
1278(used)S
1408(to)S
1475(access)S
1649(or)S
1719(destroy)S
1916(any)S
2023(information)S
2328(on)S
2408(the)S
2502(machine)S
452 531(t)U
491(should)S
673(be)S
751(noted)S
906(that)S
1018(the)S
1113(results)S
1291(of)S
1362(this)S
1470(testing)S
1652(do)S
1733(not)S
1831(give)S
1956(us)S
2030(any)S
2138(indicati)S
2320(on)S
2401(as)S
2472(to)S
2540(what)S
2678(the)S
2 F
2773(uncracked)S
1 F
2997 603(e)U
432 675(w)U
432 603(passwords)U
702(are.)S
832(Rather,)S
1029(it)S
1084(only)S
1212(tells)S
1334(us)S
1408(what)S
1546(was)S
1660(essentially)S
1936(already)S
2135(known)S
2319(\261)S
2370(that)S
2482(users)S
2625(are)S
2719(likely)S
2877(to)S
2944(us)S
475 675(ords)U
601(that)S
714(are)S
810(familia)S
982(r)S
1024(to)S
1093(them)S
1236(as)S
1308(their)S
1441(passwords)S
1710([Riddle1989].)S
2088(What)S
2241(new)S
2363(information)S
2670(it)S
2726(did)S
2825(provide,)S
432 819(d)U
432 747(however,)U
681(was)S
801(the)S
2 F
902(degree)S
1 F
1092(of)S
1168(vulnerabili)S
1430(ty)S
1503(of)S
1579(the)S
1679(systems)S
1895(in)S
1968(question,)S
2213(as)S
2289(well)S
2419(as)S
2495(providing)S
2755(a)S
2808(basis)S
2954(for)S
462 819(eveloping)U
725(a)S
777(proactive)S
1027(password)S
1278(changer)S
1493(\261)S
1547(a)S
1598(system)S
1789(which)S
1960(pre-checks)S
2245(a)S
2296(password)S
2546(before)S
2724(it)S
2782(is)S
2846(entered)S
3004 891(-)U
432 963(w)U
432 891(into)U
554(the)S
656(system,)S
866(to)S
941(determine)S
1211(whether)S
1433(that)S
1552(password)S
1806(will)S
1928(be)S
2013(vulnerable)S
2295(to)S
2369(this)S
2483(type)S
2614(of)S
2691(attack.)S
2898(Pass)S
475 963(ords)U
600(which)S
769(can)S
875(be)S
954(derived)S
1157(from)S
1296(a)S
1345(dictionary)S
1612(are)S
1708(clearly)S
1895(a)S
1944(bad)S
2053(idea)S
2174([Alvare1988],)S
2534(and)S
2642(users)S
2786(should)S
2967(be)S
2 F
2997 1035(y)U
1 F
432 1107(t)U
432 1035(prevented)U
693(from)S
833(using)S
986(them.)S
1165(Of)S
1250(course,)S
1444(as)S
1516(part)S
1632(of)S
1704(this)S
1813(censoring)S
2069(process,)S
2286(users)S
2431(should)S
2613(also)S
2732(be)S
2811(told)S
2 F
2927(wh)S
1 F
449 1107(heir)U
563(proposed)S
803(password)S
1049(is)S
1109(not)S
1206(good,)S
1361(and)S
1468(what)S
1605(a)S
1652(good)S
1792(class)S
1929(of)S
1999(password)S
2245(would)S
2415(be.)S
2997 1200(e)U
432 1272(a)U
432 1200(As)U
524(to)S
597(those)S
750(passwords)S
1025(which)S
1198(remain)S
1392(unbroken,)S
1660(I)S
1706(can)S
1816(only)S
1949(conclude)S
2193(that)S
2310(these)S
2460(are)S
2560(much)S
2720(more)S
2870(secur)S
459 1272(nd)U
548(``safe'')S
754(than)S
887(those)S
1043(to)S
1119(be)S
1205(found)S
1374(in)S
1450(my)S
1556(dictionari)S
1788(es.)S
1902(One)S
2031(such)S
2170(class)S
2316(of)S
2395(passwords)S
2673(is)S
2741(word)S
2892(pairs,)S
432 1416(w)U
432 1344(where)U
610(a)S
668(password)S
925(consists)S
1146(of)S
1227(two)S
1348(short)S
1498(words,)S
1689(separated)S
1947(by)S
2037(a)S
2094(punctuation)S
2409(charact)S
2584(er.)S
2696(Even)S
2850(if)S
2917(only)S
475 1416(ords)U
602(of)S
676(3)S
730(to)S
801(5)S
855(lower)S
1016(case)S
1144(charact)S
1319(ers)S
1413(are)S
1511(considered,)S
1811(/)S
2 F
(usr)R
1 F
(/)R
2 F
(dict)R
1 F
(/)R
2 F
(words)R
1 F
2199(provides)S
2430(3000)S
2574(words)S
2744(for)S
2838(pairing.)S
432 1560(p)U
432 1488(When)U
599(a)S
649(single)S
816(intermedi)S
1048(ary)S
1148(punctuation)S
1456(charact)S
1631(er)S
1701(is)S
1763(introduced,)S
2058(the)S
2154(sample)S
2347(size)S
2463(of)S
2535(90,000,000)S
2827(possible)S
462 1560(asswords)U
704(is)S
767(rather)S
931(daunting.)S
1200(On)S
1296(a)S
1346(DECstation)S
1650(3100,)S
1808(testing)S
1992(each)S
2126(of)S
2199(these)S
2346(passwords)S
2618(against)S
2812(that)S
2925(of)S
2997(a)S
2997 1632(e)U
432 1704(o)U
432 1632(single)U
599(user)S
722(would)S
895(require)S
1089(over)S
1219(25)S
1302(CPU)S
2 F
1441(hours)S
1 F
1600(\261)S
1653(and)S
1763(even)S
1900(then,)S
2042(no)S
2124(guarantee)S
2381(exists)S
2540(that)S
2653(this)S
2762(is)S
2824(the)S
2920(typ)S
462 1704(f)U
506(password)S
756(the)S
854(user)S
977(chose.)S
1172(Introducing)S
1476(one)S
1586(or)S
1659(two)S
1772(upper)S
1932(case)S
2059(charact)S
2234(ers)S
2327(into)S
2444(the)S
2541(password)S
2790(raises)S
2950(the)S
432 1869(A)U
432 1776(search)U
606(set)S
693(size)S
807(to)S
874(such)S
1004(magnitude)S
1279(as)S
1349(to)S
1416(make)S
1567(cracking)S
1795(untenable.)S
475 1869(nother)U
655(``safe'')S
858(password)S
1110(is)S
1176(one)S
1289(constructed)S
1593(from)S
1736(the)S
1836(initial)S
2004(letters)S
2178(of)S
2254(an)S
2337(easily)S
2503(remembere)S
2775(d,)S
2845(but)S
2947(not)S
432 2013(r)U
432 1941(too)U
534(common)S
770(phrase.)S
987(For)S
1095(example,)S
1340(the)S
1439(phrase)S
1621(``Unix)S
1806(is)S
1871(a)S
1923(trademark)S
2193(of)S
2268(Bell)S
2393(Laboratorie)S
2675(s'')S
2762(could)S
2920(give)S
452 2013(ise)U
540(to)S
608(the)S
703(password)S
950(``UiatoBL.'')S
1297(This)S
1425(essentially)S
1701(create)S
1846(s)S
1889(a)S
1936(password)S
2182(which)S
2349(is)S
2409(a)S
2456(random)S
2660(string)S
2817(of)S
2887(upper)S
3004 2085(r)U
432 2157(p)U
432 2085(and)U
544(lower)S
706(case)S
835(letters.)S
1043(Exhaustively)S
1383(searching)S
1639(this)S
1751(list)S
1850(at)S
1919(1000)S
2063(tests)S
2194(per)S
2295(second)S
2486(with)S
2617(only)S
2748(6)S
2802(charact)S
2977(e)S
462 2157(asswords)U
702(would)S
873(take)S
995(nearly)S
1167(230)S
1278(CPU)S
1415(days.)S
1581(Increasing)S
1853(the)S
1948(phrase)S
2126(size)S
2241(to)S
2309(7)S
2359(charact)S
2534(er)S
2601(passwords)S
2870(makes)S
432 2301(c)U
432 2229(the)U
529(testing)S
713(time)S
844(over)S
974(32)S
1057(CPU)S
2 F
1196(years)S
1 F
1349(\261)S
1402(a)S
1451(Herculean)S
1721(task)S
1840(that)S
1953(even)S
2089(the)S
2185(most)S
2324(dedicate)S
2526(d)S
2578(cracker)S
2778(with)S
2907(huge)S
459 2301(omputationa)U
761(l)S
798(resources)S
1045(would)S
1215(shy)S
1318(away)S
1465(from.)S
432 2394(T)U
(hus,)R
592(although)S
828(I)S
873(don't)S
1024(know)S
1181(what)S
1322(passwords)S
1595(were)S
1736(chosen)S
1927(by)S
2011(those)S
2162(users)S
2309(I)S
2353(was)S
2470(unable)S
2655(to)S
2726(crack,)S
2896(I)S
2940(can)S
3004 2466(f)U
432 2538(t)U
432 2466(say)U
538(with)S
671(some)S
824(surety)S
997(that)S
1113(it)S
1172(is)S
1237(doubtful)S
1466(that)S
1582(anyone)S
1781(else)S
1900(could)S
2059(crack)S
2215(them)S
2361(in)S
2433(a)S
2485(reasonable)S
2768(amount)S
2974(o)S
449 2538(ime,)U
575(either.)S
3 F
432 2682(2)U
(.2.)R
562(Method)S
782(of)S
852(Attack)S
1 F
432 2775(A)U
496(number)S
700(of)S
770(techniques)S
1048(were)S
1185(used)S
1315(on)S
1395(the)S
1489(accounts)S
1720(in)S
1787(order)S
1934(to)S
2001(determine)S
2263(if)S
2320(the)S
2414(passwords)S
2683(used)S
2813(for)S
2903(them)S
2997 2847(e)U
432 2919(g)U
432 2847(were)U
582(able)S
716(to)S
796(be)S
886(compromised.)S
1282(To)S
1382(speed)S
1552(up)S
1645(testing,)S
1853(all)S
1946(passwords)S
2227(with)S
2366(the)S
2472(same)S
2628(salt)S
2744(value)S
2907(wer)S
462 2919(rouped)U
651(together.)S
906(This)S
1035(way,)S
1172(one)S
1281(encryption)S
1561(per)S
1660(password)S
1907(per)S
2005(salt)S
2110(value)S
2262(could)S
2417(be)S
2495(performed,)S
2782(with)S
2910(mul-)S
432 3063(r)U
432 2991(tiple)U
562(string)S
721(comparisons)S
1047(to)S
1116(test)S
1222(for)S
1314(matches.)S
1569(Rather)S
1752(than)S
1878(considering)S
2181(15,000)S
2367(accounts,)S
2614(the)S
2709(problem)S
2931(was)S
452 3063(educed)U
643(to)S
710(4,000)S
865(salt)S
969(values.)S
1178(The)S
1292(password)S
1538(tests)S
1665(were)S
1802(as)S
1872(follows:)S
2994 3156(n)U
582(1\))S
732(Try)S
845(using)S
1001(the)S
1101(user's)S
1269(name,)S
1440(initial)S
1582(s,)S
1645(account)S
1858(name,)S
2029(and)S
2141(other)S
2290(relevant)S
2510(personal)S
2739(informatio)S
732 3228(as)U
807(a)S
859(possible)S
1081(password.)S
1367(All)S
1469(in)S
1541(all,)S
1642(up)S
1726(to)S
1797(130)S
1911(different)S
2143(passwords)S
2416(were)S
2557(tried)S
2692(based)S
2853(on)S
2937(this)S
3004 3300(f)U
732 3372(t)U
732 3300(information.)U
1078(For)S
1187(an)S
1270(account)S
1483(name)S
3 F
1639(klone)S
1 F
1804(with)S
1936(a)S
1988(user)S
2113(named)S
2299(``Daniel)S
2525(V.)S
2608(Klein,'')S
2822(some)S
2974(o)S
749 3372(he)U
838(passwords)S
1119(that)S
1242(would)S
1424(be)S
1513(tried)S
1656(were:)S
1822(klone,)S
2003(klone0,)S
2213(klone1,)S
2423(klone123,)S
2693(dvk,)S
2829(dvkdvk,)S
3009 3444(,)U
732 3516(e)U
732 3444(dklein,)U
921(DKlein,)S
1136(leinad,)S
1322(nielk,)S
1481(dvklein,)S
1700(danielk,)S
1916(DvkkvD,)S
2160(DANIEL-KLEIN,)S
2621(\(klone\),)S
2832(KleinD)S
759 3516(tc.)U
582 3609(2)U
(\))R
732(Try)S
850(using)S
1011(words)S
1188(from)S
1336(various)S
1544(dictionari)S
1776(es.)S
1891(These)S
2065(included)S
2303(lists)S
2430(of)S
2510(men's)S
2687(and)S
2804(women's)S
3004 3681(')U
732 3753(a)U
732 3681(names)U
916(\(some)S
1093(16,000)S
1288(in)S
1365(all\);)S
1493(places)S
1674(\(including)S
1952(permutati)S
2184(ons)S
2296(so)S
2378(that)S
2498(``spain,'')S
2749(``spanish,')S
759 3753(nd)U
846(``spaniard'')S
1157(would)S
1334(all)S
1422(be)S
1506(considered\);)S
1831(names)S
2012(of)S
2089(famous)S
2293(people;)S
2498(cartoons)S
2729(and)S
2843(cartoon)S
3007 3825(l)U
732 3897(c)U
732 3825(charact)U
907(ers;)S
1021(titles,)S
1181(charact)S
1356(ers,)S
1468(and)S
1582(locations)S
1826(from)S
1969(\256lms)S
2115(and)S
2228(science)S
2432(\256ction)S
2612(stories;)S
2812(mythica)S
759 3897(reatures)U
976(\(garnered)S
1233(from)S
1376(Bul\256nch's)S
1652(mythology)S
1939(and)S
2052(dictionari)S
2284(es)S
2360(of)S
2435(mythical)S
2672(beasts\);)S
2881(sports)S
732 4041(`)U
732 3969(\(including)U
1010(team)S
1158(names,)S
1357(nicknames,)S
1659(and)S
1775(specializ)S
1987(ed)S
2073(terms\);)S
2273(numbers)S
2509(\(both)S
2665(as)S
2744(numerals)S
2994(\261)S
752 4041(`2001,'')U
970(and)S
1080(written)S
1274(out)S
1374(\261)S
1427(``twelve''\);)S
1728(strings)S
1911(of)S
1983(letters)S
2153(and)S
2262(numbers)S
2491(\()S
2533(``a,'')S
2677(``aa,'')S
2848(``aaa,'')S
3007 4113(l)U
732 4185(s)U
732 4113(``aaaa,'')U
959(etc.\);)S
1106(Chinese)S
1324(syllables)S
1559(\(from)S
1720(the)S
1818(Pinyin)S
1999(Romanizat)S
2261(ion)S
2362(of)S
2436(Chinese,)S
2668(a)S
2718(internati)S
2920(ona)S
755 4185(tandard)U
957(system)S
1144(of)S
1214(writing)S
1408(Chinese)S
1622(on)S
1702(an)S
1779(English)S
1983(keyboard\);)S
2264(the)S
2358(King)S
2498(James)S
2665(Bible;)S
2833(biologi-)S
3007 4257(;)U
732(cal)S
827(terms;)S
1002(common)S
1237(and)S
1348(vulgar)S
1526(phrases)S
1730(\(such)S
1884(as)S
1958(``fuckyou,'')S
2274(``ibmsux,'')S
2569(and)S
2679(``deadhead''\))S
EP
%%Page: ? 5
BP
1 F
60 Z
1673 222(-)U
1713(5)S
1763(-)S
732 438(k)U
(eyboard)R
992(patterns)S
1219(\(such)S
1385(as)S
1471(``qwerty,'')S
1769(``asdf,'')S
2000(and)S
2123(``zxcvbn''\);)S
2449(abbreviati)S
2691(ons)S
2809(\(such)S
2974(as)S
3004 510(-)U
732 582(i)U
732 510(``roygbiv'')U
1023(\261)S
1077(the)S
1175(colors)S
1346(in)S
1417(the)S
1515(rainbow,)S
1751(and)S
1862(``ooottafagvah'')S
2281(\261)S
2335(a)S
2386(mnemonic)S
2665(for)S
2759(remember)S
749 582(ng)U
831(the)S
927(12)S
1009(cranial)S
1196(nerves\);)S
1412(machine)S
1639(names)S
1815(\(acquired)S
2065(from)S
2204(/)S
2 F
(etc)R
1 F
(/)R
2 F
(hosts)R
1 F
(\);)R
2491(charact)S
2666(ers,)S
2773(plays,)S
2937(and)S
3004 654(-)U
732 726(t)U
732 654(locations)U
973(from)S
1113(Shakespeare;)S
1454(common)S
1687(Yiddish)S
1899(words;)S
2104(the)S
2200(names)S
2376(of)S
2448(asteroids;)S
2701(and)S
2810(a)S
2859(collec)S
749 726(ion)U
847(of)S
918(words)S
1085(from)S
1223(various)S
1421(technica)S
1623(l)S
1661(papers)S
1839(I)S
1880(had)S
1987(previously)S
2261(published.)S
2550(All)S
2647(told,)S
2776(more)S
2920(than)S
3004 798(-)U
732 870(c)U
732 798(60,000)U
920(separate)S
1141(words)S
1310(were)S
1450(considered)S
1734(per)S
1834(user)S
1957(\(with)S
2107(any)S
2217(inter-)S
2371(and)S
2481(intra-dict)S
2703(ionary)S
2880(dupli)S
759 870(ates)U
873(being)S
1027(discarded\).)S
582 963(3)U
(\))R
732(Try)S
846(various)S
1050(permutati)S
1282(ons)S
1391(on)S
1477(the)S
1577(words)S
1749(from)S
1892(step)S
2015(2.)S
2106(This)S
2239(included)S
2473(making)S
2680(the)S
2780(\256rst)S
2899(letter)S
732 1107(\()U
732 1035(upper)U
896(case)S
1027(or)S
1104(a)S
1158(control)S
1356(charact)S
1531(er,)S
1620(making)S
1828(the)S
1929(entire)S
2094(word)S
2243(upper)S
2406(case,)S
2551(reversing)S
2801(the)S
2901(word)S
752 1107(with)U
882(and)S
991(without)S
1197(the)S
1293(aforementi)S
1555(oned)S
1694(capital)S
1856(ization\),)S
2078(changing)S
2321(the)S
2417(letter)S
2564(`o')S
2656(to)S
2725(the)S
2821(digit)S
2954(`0')S
732 1251(t)U
732 1179(\(so)U
826(that)S
938(the)S
1033(word)S
1177(``scholar'')S
1452(would)S
1623(also)S
1741(be)S
1819(checked)S
2038(as)S
2109(``sch0lar''\),)S
2419(changing)S
2661(the)S
2755(letter)S
2900(`l')S
2977(to)S
749 1251(he)U
846(digit)S
997(`1')S
1107(\(so)S
1220(that)S
1351(``scholar'')S
1644(would)S
1833(also)S
1969(be)S
2065(checked)S
2302(as)S
2391(``scho1ar,'')S
2712(and)S
2838(also)S
2974(as)S
3009 1323(,)U
732 1395(a)U
732 1323(``sch01ar''\),)U
1056(and)S
1164(performing)S
1456(similar)S
1645(manipulat)S
1887(ions)S
2008(to)S
2076(change)S
2268(the)S
2363(letter)S
2509(`z')S
2597(into)S
2712(the)S
2807(digit)S
2939(`2')S
759 1395(nd)U
853(the)S
961(letter)S
1120(`s')S
1217(into)S
1345(the)S
1453(digit)S
1598(`5'.)S
1716(Another)S
1946(test)S
2063(was)S
2189(to)S
2269(make)S
2433(the)S
2540(word)S
2696(into)S
2823(a)S
2883(plural)S
732 1539(t)U
732 1467(\(irrespective)U
1056(of)S
1128(whether)S
1344(the)S
1440(word)S
1585(was)S
1700(actuall)S
1862(y)S
1914(a)S
1963(noun\),)S
2140(with)S
2269(enough)S
2467(intelli)S
2609(gence)S
2771(built)S
2903(in)S
2971(so)S
749 1539(hat)U
868(``dress'')S
1116(became)S
1346(``dresses,'')S
1659(``house'')S
1924(became)S
2154(``houses,'')S
2457(and)S
2588(``daisy'')S
2839(became)S
3004 1611(')U
732 1683(f)U
732 1611(``daisies.'')U
1036(We)S
1145(did)S
1247(not)S
1349(consider)S
1578(pluraliza)S
1790(tion)S
1909(rules)S
2051(exhaustively,)S
2395(though,)S
2601(so)S
2678(that)S
2793(``datum')S
752 1683(orgivably)U
1009(became)S
1220(``datums'')S
1500(\(not)S
1623(``data''\),)S
1865(while)S
2025(``sphynx'')S
2304(became)S
2514(``sphynxs'')S
2815(\(and)S
2947(not)S
732 1827(w)U
732 1755(``sphynges''\).)U
1117(Similarly,)S
1384(the)S
1485(suf\256xes)S
1698(``-ed,'')S
1897(``-er,'')S
2086(and)S
2200(``-ing'')S
2404(were)S
2547(added)S
2717(to)S
2790(transform)S
775 1827(ords)U
902(like)S
1017(``phase'')S
1258(into)S
1376(``phased,'')S
1662(``phaser,'')S
1938(and)S
2049(``phasing.'')S
2375(These)S
2543(14)S
2627(to)S
2698(17)S
2782(additional)S
732 1971(t)U
732 1899(tests)U
866(per)S
970(word)S
1120(added)S
1291(another)S
1499(1,000,000)S
1766(words)S
1939(to)S
2013(the)S
2114(list)S
2215(of)S
2292(possible)S
2515(passwords)S
2790(that)S
2907(were)S
749 1971(ested)U
893(for)S
983(each)S
1114(user.)S
582 2064(4)U
(\))R
732(Try)S
844(various)S
1046(capital)S
1208(ization)S
1398(permutati)S
1630(ons)S
1738(on)S
1822(the)S
1920(words)S
2090(from)S
2231(step)S
2352(2)S
2406(that)S
2521(were)S
2662(not)S
2763(considered)S
3004 2136(')U
732 2208(w)U
732 2136(in)U
809(step)S
936(3.)S
1031(This)S
1168(included)S
1406(all)S
1497(single)S
1671(letter)S
1826(capital)S
1988(ization)S
2183(permutati)S
2415(ons)S
2528(\(so)S
2631(that)S
2752(``michael)S
2984(')S
775 2208(ould)U
909(also)S
1033(be)S
1116(checked)S
1340(as)S
1416(``mIchael,'')S
1732(``miChael,'')S
2058(``micHael,'')S
2384(``michAel,'')S
2713(etc.\),)S
2860(double)S
3004 2280(')U
732 2352(`)U
732 2280(letter)U
887(capital)S
1049(ization)S
1244(permutati)S
1476(ons)S
1588(\(``MIchael,'')S
1933(``MiChael,'')S
2268(``MicHael,'')S
2603(...)S
2677(,)S
2721(``mIChael,')S
752 2352(`mIcHael,'')U
1069(etc.\),)S
1224(triple)S
1386(letter)S
1545(permutati)S
1777(ons,)S
1909(and)S
2030(so)S
2117(on.)S
2246(The)S
2374(single)S
2551(letter)S
2709(permutati)S
2941(ons)S
3004 2424(-)U
732 2496(m)U
732 2424(added)U
902(roughly)S
1114(another)S
1320(400,000)S
1540(words)S
1711(to)S
1783(be)S
1865(checked)S
2088(per)S
2190(user,)S
2330(while)S
2489(the)S
2588(double)S
2777(letter)S
2927(per)S
779 2496(utations)U
995(added)S
1164(another)S
1370(1,500,000)S
1635(words.)S
1841(Three)S
2007(letter)S
2157(permutati)S
2389(ons)S
2497(would)S
2672(have)S
2811(added)S
2980(at)S
3009 2568(.)U
732 2640(T)U
732 2568(least)U
869(another)S
1076(3,000,000)S
1342(words)S
2 F
1514(per)S
1620(user)S
1 F
1749(had)S
1862(there)S
2009(been)S
2149(enough)S
2351(time)S
2484(to)S
2556(complete)S
2803(the)S
2902(tests)S
769 2640(ests)U
889(of)S
969(4,)S
1044(5,)S
1119(and)S
1236(6)S
1295(letter)S
1449(permutati)S
1681(ons)S
1793(were)S
1939(deemed)S
2156(to)S
2232(be)S
2318(impracti)S
2520(cable)S
2677(without)S
2890(much)S
582 2805(5)U
732 2712(more)U
876(computati)S
1118(onal)S
1242(horsepower)S
1542(to)S
1609(carry)S
1753(them)S
1894(out.)S
612 2805(\))U
732(Try)S
844(foreign)S
1043(language)S
1285(words)S
1455(on)S
1539(foreign)S
1737(users.)S
1919(The)S
2037(speci\256c)S
2245(test)S
2353(that)S
2468(was)S
2585(performed)S
2860(was)S
2977(to)S
3004 2877(f)U
732 2949(C)U
732 2877(try)U
820(Chinese)S
1035(language)S
1274(passwords)S
1544(on)S
1625(users)S
1769(with)S
1897(Chinese)S
2112(names.)S
2322(The)S
2437(Pinyin)S
2615(Romanizat)S
2877(ion)S
2974(o)S
772 2949(hinese)U
952(syllables)S
1189(was)S
1308(used,)S
1459(combining)S
1743(syllables)S
1979(together)S
2202(into)S
2321(one,)S
2448(two,)S
2578(and)S
2690(three)S
2836(syllable)S
732 3093(e)U
732 3021(words.)U
934(Because)S
1155(no)S
1235(tests)S
1362(were)S
1499(done)S
1636(to)S
1703(determine)S
1965(whether)S
2179(the)S
2273(words)S
2439(actuall)S
2601(y)S
2651(made)S
2802(sense,)S
2967(an)S
759 3093(xhaustive)U
1011(search)S
1186(was)S
1300(initiat)S
1442(ed.)S
1555(Since)S
1710(there)S
1852(are)S
1947(398)S
2058(Chinese)S
2273(syllables)S
2504(in)S
2571(the)S
2665(Pinyin)S
2842(system,)S
732 3237(w)U
732 3165(there)U
886(are)S
993(158,404)S
1221(two)S
1344(syllable)S
1564(words,)S
1757(and)S
1876(slightly)S
2089(more)S
2245(than)S
2381(16,000,000)S
2683(three)S
2836(syllable)S
775 3237(ords.)U
945(A)S
1019(similar)S
1218(mode)S
1383(of)S
1464(attack)S
1639(could)S
1803(as)S
1883(easily)S
2054(be)S
2141(used)S
2281(with)S
2418(English,)S
2647(using)S
2807(rules)S
2954(for)S
732 3309(b)U
42 Z
893 3216(\262)U
60 Z
762 3309(uilding)U
953(pronounceable)S
1328(nonsense)S
1568(words.)S
582 3402(6)U
(\))R
732(Try)S
842(word)S
988(pairs.)S
1163(The)S
1280(magnitude)S
1558(of)S
1631(an)S
1711(exhaustive)S
1992(test)S
2099(of)S
2172(this)S
2282(nature)S
2456(is)S
2519(staggering.)S
2828(To)S
2917(sim-)S
3009 3474(.)U
732 3546(E)U
732 3474(plify)U
874(this)S
989(test,)S
1116(only)S
1251(words)S
1425(of)S
1503(3)S
1561(or)S
1639(4)S
1696(charact)S
1871(ers)S
1968(in)S
2042(length)S
2220(from)S
2364(/)S
2 F
(usr)R
1 F
(/)R
2 F
(dict)R
1 F
(/)R
2 F
(words)R
1 F
2755(were)S
2899(used)S
769 3546(ven)U
879(so,)S
970(the)S
1067(number)S
1274(of)S
1347(word)S
1493(pairs)S
1633(is)S
3 F
1696(O)S
1 F
(\(10)R
1844(\))S
1886(\(multiplie)S
2125(d)S
2177(by)S
2259(4096)S
2401(possible)S
2620(salt)S
2726(values\),)S
2937(and)S
42 Z
1823 3525(7)U
60 Z
1925 3618(.)U
432 3711(F)U
732 3618(as)U
802(of)S
872(this)S
979(writing,)S
1188(the)S
1282(test)S
1386(is)S
1446(only)S
1573(10%)S
1703(complete)S
465 3711(or)U
536(this)S
644(study,)S
810(I)S
851(had)S
959(access)S
1134(to)S
1202(four)S
1323(DECstation)S
1625(3100's,)S
1824(each)S
1956(of)S
2027(which)S
2194(was)S
2307(capable)S
2512(of)S
2582(checking)S
2820(approxi-)S
3004 3783(r)U
432 3855(s)U
432 3783(mately)U
622(750)S
737(passwords)S
1011(per)S
1112(second.)S
1338(Even)S
1486(with)S
1617(this)S
1728(total)S
1860(peak)S
1998(processing)S
2279(horsepower)S
2583(of)S
2657(3,000)S
2816(tests)S
2947(pe)S
455 3855(econd)U
625(\(some)S
798(machines)S
1052(were)S
1195(only)S
1327(intermit)S
1519(tently)S
1682(availabl)S
1874(e\),)S
1961(testing)S
2147(the)S
3 F
2246(O)S
1 F
(\(10)R
2415(\))S
2460(password/salt)S
2812(pairs)S
2954(for)S
42 Z
2373 3834(10)U
60 Z
3001 3927(s)U
432 3999(a)U
432 3927(the)U
531(\256rst)S
649(four)S
774(tests)S
905(required)S
1130(on)S
1214(the)S
1312(order)S
1463(of)S
1537(12)S
1621(CPU)S
2 F
1761(months)S
1 F
1958(of)S
2032(computati)S
2274(ons.)S
2416(The)S
2534(remaining)S
2803(two)S
2917(test)S
459 3999(re)U
533(still)S
651(ongoing)S
875(after)S
1013(an)S
1097(additional)S
1365(18)S
1451(CPU)S
1593(months)S
1796(of)S
1872(computati)S
2114(on.)S
2235(Although)S
2488(for)S
2584(research)S
2811(purposes)S
6 F
48 Z
432 4059(hhhhhhhhhhhhhhhhhh)U
1 F
492 4128(\262)U
540(The)S
633(astute)S
763(reader)S
901(will)S
994(notice)S
1129(that)S
1219(398)S
1328(is)S
1379(in)S
1435(fact)S
1525(63,044,972.)S
1788(Since)S
1913(Unix)S
2028(passwords)S
2248(are)S
2325(truncated)S
2521(after)S
2626(8)S
2668(charac-)S
432 4188(t)U
36 Z
1291 4110(3)U
48 Z
445 4188(ers,)U
532(however,)S
728(the)S
805(number)S
969(of)S
1027(unique)S
1175(polysyllabic)S
1426(Chinese)S
1598(passwords)S
1817(is)S
1867(only)S
1970(around)S
2121(16,000,000.)S
2383(Even)S
2499(this)S
2586(reduced)S
2755(set)S
432 4248(was)U
523(too)S
600(large)S
711(to)S
764(complete)S
954(under)S
1079(the)S
1153(imposed)S
1331(time)S
1431(constraints.)S
EP
%%Page: ? 6
BP
1 F
60 Z
1673 222(-)U
1713(6)S
1763(-)S
3004 438(-)U
432 510(r)U
432 438(this)U
541(is)S
603(well)S
729(within)S
905(accept)S
1060(able)S
1183(ranges,)S
1377(it)S
1433(is)S
1495(a)S
1543(bit)S
1628(out)S
1726(of)S
1797(line)S
1909(for)S
2000(any)S
2108(but)S
2206(the)S
2301(most)S
2439(dedicate)S
2641(d)S
2692(and)S
2800(resource)S
452 510(ich)U
546(cracker.)S
3 F
432 654(2)U
(.3.)R
562(Summary)S
835(of)S
905(Results)S
1 F
432 747(T)U
(he)R
554(problem)S
783(with)S
918(using)S
1076(passwords)S
1353(that)S
1472(are)S
1574(derived)S
1782(directly)S
1994(from)S
2138(obvious)S
2355(words)S
2528(is)S
2595(that)S
2713(when)S
2870(a)S
2924(user)S
3004 819(r)U
432 891(s)U
432 819(thinks)U
602(``Hah,)S
780(no)S
863(one)S
973(will)S
1090(guess)S
1246(this)S
1356(permutati)S
1588(on,'')S
1726(they)S
1853(are)S
1949(almost)S
2132(invariably)S
2399(wrong.)S
2609(Who)S
2748(would)S
2920(eve)S
455 891(uspect)U
636(that)S
754(I)S
801(would)S
978(\256nd)S
1098(their)S
1236(passwords)S
1512(when)S
1669(they)S
1800(chose)S
1964(``fylgjas'')S
2235(\(guardian)S
2493(creature)S
2688(s)S
2738(from)S
2881(Norse)S
3001 963(s)U
432 1035(t)U
432 963(mythology\),)U
753(or)S
828(the)S
927(Chinese)S
1146(word)S
1294(for)S
1389(``hen-pecked)S
1732(husband''?)S
2044(No)S
2142(matter)S
2322(what)S
2464(words)S
2635(or)S
2709(permutati)S
2941(on)S
449 1035(hereon)U
642(are)S
745(chosen)S
941(for)S
1040(a)S
1096(password,)S
1366(if)S
1432(they)S
1564(exist)S
1706(in)S
1781(some)S
1936(dictionary,)S
2224(they)S
2356(are)S
2458(susceptible)S
2754(to)S
2829(directed)S
2994 1107(h)U
432 1179(t)U
432 1107(cracking.)U
701(The)S
821(following)S
1080(table)S
1223(give)S
1352(an)S
1434(overview)S
1683(of)S
1758(the)S
1857(types)S
2009(of)S
2084(passwords)S
2358(which)S
2530(were)S
2672(found)S
2837(throug)S
449 1179(his)U
539(research.)S
432 1272(A)U
499(note)S
627(on)S
711(the)S
809(table)S
950(is)S
1013(in)S
1083(order.)S
1268(The)S
1385(number)S
1592(of)S
1665(matches)S
1886(given)S
2043(from)S
2183(a)S
2233(particula)S
2445(r)S
2488(dictionary)S
2756(is)S
2819(the)S
2916(total)S
432 1416(w)U
432 1344(number)U
643(of)S
720(matches,)S
960(irrespective)S
1269(of)S
1346(the)S
1447(permutati)S
1679(ons)S
1788(that)S
1905(a)S
1958(user)S
2084(may)S
2214(have)S
2354(applied)S
2558(to)S
2631(it.)S
2726(Thus,)S
2887(if)S
2950(the)S
475 1416(ord)U
579(``wombat'')S
877(were)S
1017(a)S
1067(particula)S
1279(rly)S
1369(popular)S
1576(password)S
1825(from)S
1965(the)S
2062(biology)S
2269(dictionary,)S
2552(the)S
2649(following)S
2906(table)S
432 1560(o)U
432 1488(will)U
549(not)S
649(indicate)S
864(whether)S
1081(it)S
1138(was)S
1254(entered)S
1455(as)S
1528(``wombat,'')S
1839(``Wombat,'')S
2164(``TABMOW,'')S
2554(``w0mbat,'')S
2865(or)S
2937(any)S
462 1560(f)U
504(the)S
599(other)S
744(71)S
825(possible)S
1043(difference)S
1288(s)S
1332(that)S
1444(this)S
1552(research)S
1774(checked.)S
2028(In)S
2099(this)S
2207(way,)S
2343(detaile)S
2505(d)S
2556(information)S
2862(can)S
2967(be)S
432 1725(A)U
432 1632(divulged)U
663(without)S
867(providing)S
1121(much)S
1275(knowledge)S
1559(to)S
1626(potential)S
1858(``bad)S
2005(guys.'')S
475 1725(dditionall)U
707(y,)S
779(in)S
853(order)S
1007(to)S
1081(reduce)S
1269(the)S
1370(total)S
1505(search)S
1686(time)S
1821(that)S
1939(was)S
2058(needed)S
2255(for)S
2351(this)S
2464(research,)S
2706(the)S
2806(checking)S
2997 1797(e)U
432 1869(o)U
432 1797(program)U
662(elimina)S
844(ted)S
943(both)S
1075(inter-)S
1231(and)S
1343(intra-dict)S
1565(ionary)S
1744(duplicate)S
1991(words.)S
2197(The)S
2316(dictionari)S
2548(es)S
2623(are)S
2722(listed)S
2878(in)S
2950(th)S
462 1869(rder)U
583(tested,)S
763(and)S
874(the)S
972(total)S
1104(size)S
1222(of)S
1296(the)S
1394(dictionary)S
1663(is)S
1727(given)S
1885(in)S
1956(addition)S
2177(to)S
2247(the)S
2344(number)S
2551(of)S
2624(words)S
2793(that)S
2907(were)S
3009 1941(,)U
432 2013(a)U
432 1941(elimina)U
614(ted)S
714(due)S
827(to)S
900(duplicati)S
1112(on.)S
1233(For)S
1342(example,)S
1588(the)S
1688(word)S
1836(``georgia'')S
2122(is)S
2187(both)S
2319(a)S
2371(female)S
2561(name)S
2717(and)S
2829(a)S
2881(place)S
459 2013(nd)U
541(is)S
603(only)S
732(considered)S
1014(once.)S
1184(A)S
1248(password)S
1495(which)S
1663(is)S
1724(identi\256ed)S
1973(as)S
2044(being)S
2199(found)S
2360(in)S
2428(the)S
2523(common)S
2755(names)S
2930(dic-)S
3004 2085(')U
432 2157(`)U
432 2085(tionary)U
624(might)S
786(very)S
914(well)S
1039(appear)S
1221(in)S
1288(other)S
1432(dictionari)S
1664(es.)S
1769(Additionally,)S
2109(although)S
2340(``duplicate)S
2602(,'')S
2677(``duplicate)S
2939(d,')S
452 2157(`duplicati)U
684(ng'')S
805(and)S
913(``duplicati)S
1165(ve'')S
1283(are)S
1378(all)S
1460(distinct)S
1659(words,)S
1841(only)S
1969(the)S
2064(\256rst)S
2178(eight)S
2320(charact)S
2495(ers)S
2586(of)S
2657(a)S
2704(password)S
2950(are)S
432 2229(used)U
562(in)S
629(Unix,)S
784(so)S
857(all)S
938(but)S
1035(the)S
1129(\256rst)S
1242(word)S
1385(are)S
1479(discarded)S
1730(as)S
1800(redundant.)S
EP
%%Page: ? 7
BP
1 F
60 Z
1673 222(-)U
1713(7)S
1763(-)S
6 F
2993 378(i)U
433(i)S
443(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)S
3 F
72 Z
841 450(Passwords)U
1189(cracked)S
1457(from)S
1633(a)S
1693(sample)S
1933(set)S
2041(of)S
2125(13,797)S
2347(accounts)S
6 F
60 Z
2993 462(i)U
433(i)S
443(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)S
3 F
620 534(Type)U
770(of)S
1117(Size)S
1241(of)S
1438(Duplicates)S
1805(Search)S
4 F
2130(#)S
3 F
2180(of)S
2433(Pct.)S
2678(Cost/Bene\256t)S
597 606(Password)U
1067(Dictionary)S
1431(Eliminated)S
1841(Size)S
2072(Matches)S
2379(of)S
2449(Total)S
2752(Ratio)S
48 Z
582(*)T
6 F
60 Z
2993 624(i)U
433(i)S
443(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)S
612(i)T
433(i)S
443(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)S
1 F
463 690(User/account)U
801(name)S
1168(130)S
1558(\261)S
1878(130)S
2150(368)S
2424(2.7%)S
2767(2.830)S
463 762(C)U
42 Z
1258 669(\262)U
60 Z
503 762(haracte)U
678(r)S
718(sequences)S
1189(866)S
1618(0)S
1878(866)S
2180(22)S
2424(0.2%)S
2767(0.025)S
2872 834(1)U
463 906(C)U
463 834(Numbers)U
1189(450)S
1588(23)S
1878(427)S
2210(9)S
2424(0.1%)S
2767(0.02)S
503 906(hinese)U
1189(398)S
1618(6)S
1878(392)S
2180(56)S
2424(0.4%)S
2767(0.143)S
5 F
42 Z
2549 885(\263)U
1 F
60 Z
2872 978(1)U
463 1050(C)U
463 978(Place)U
614(names)S
1189(665)S
1588(37)S
1878(628)S
2180(82)S
2424(0.6%)S
2767(0.13)S
503 1050(ommon)U
707(names)S
1159(2268)S
1588(29)S
1848(2239)S
2150(548)S
2424(4.0%)S
2767(0.245)S
2872 1122(8)U
463 1194(M)U
463 1122(Female)U
661(names)S
1159(4955)S
1558(675)S
1848(4280)S
2150(161)S
2424(1.2%)S
2767(0.03)S
516 1194(ale)U
607(names)S
1159(3901)S
1528(1035)S
1848(2866)S
2150(140)S
2424(1.0%)S
2767(0.049)S
2872 1266(6)U
463 1338(M)U
463 1266(Uncommon)U
767(names)S
1159(5559)S
1558(604)S
1848(4955)S
2150(130)S
2424(0.9%)S
2767(0.02)S
516 1338(yths)U
636(&)S
703(legends)S
1159(1357)S
1558(111)S
1848(1246)S
2180(66)S
2424(0.5%)S
2767(0.053)S
2872 1410(3)U
463 1482(S)U
463 1410(Shakespearean)U
1189(650)S
1558(177)S
1878(473)S
2180(11)S
2424(0.1%)S
2767(0.02)S
496 1482(ports)U
636(terms)S
1189(247)S
1618(9)S
1878(238)S
2180(32)S
2424(0.2%)S
2767(0.134)S
2872 1554(5)U
463 1626(M)U
463 1554(Science)U
671(\256ction)S
1189(772)S
1588(81)S
1878(691)S
2180(59)S
2424(0.4%)S
2767(0.08)S
516 1626(ovies)U
663(and)S
770(actors)S
1189(118)S
1588(19)S
1908(99)S
2180(12)S
2424(0.1%)S
2767(0.121)S
2872 1698(8)U
463 1770(F)U
463 1698(Cartoons)U
1189(133)S
1588(41)S
1908(92)S
2210(9)S
2424(0.1%)S
2767(0.09)S
496 1770(amous)U
673(people)S
1189(509)S
1558(219)S
1878(290)S
2180(55)S
2424(0.4%)S
2767(0.190)S
2872 1842(1)U
463 1914(S)U
463 1842(Phrases)U
666(and)S
773(patterns)S
1189(998)S
1588(65)S
1878(933)S
2150(253)S
2424(1.8%)S
2767(0.27)S
496 1914(urnames)U
1189(160)S
1558(127)S
1908(33)S
2210(9)S
2424(0.1%)S
2767(0.273)S
2872 1986(7)U
463 2058(/)U
463 1986(Biology)U
1219(59)S
1618(1)S
1908(58)S
2210(1)S
2424(0.0%)S
2767(0.01)S
2 F
480 2058(usr)U
1 F
(/)R
2 F
(dict)R
1 F
(/)R
2 F
(words)R
1 F
1129(24474)S
1528(4791)S
1818(19683)S
2120(1027)S
2424(7.4%)S
2767(0.052)S
2872 2130(5)U
463 2202(M)U
463 2130(Machine)U
694(names)S
1129(12983)S
1528(3965)S
1848(9018)S
2150(132)S
2424(1.0%)S
2767(0.01)S
516 2202(nemonics)U
1219(14)S
1618(0)S
1908(14)S
2210(2)S
2424(0.0%)S
2767(0.143)S
2872 2274(1)U
463 2346(M)U
463 2274(King)U
603(James)S
770(bible)S
1129(13062)S
1528(5537)S
1848(7525)S
2180(83)S
2424(0.6%)S
2767(0.01)S
516 2346(iscellane)U
728(ous)S
831(words)S
1159(8146)S
1528(4934)S
1848(3212)S
2180(54)S
2424(0.4%)S
2767(0.017)S
2872 2418(0)U
463 2490(A)U
463 2418(Yiddish)U
673(words)S
1219(69)S
1588(13)S
1908(56)S
2210(0)S
2424(0.0%)S
2767(0.00)S
506 2490(steroids)U
1159(3459)S
1528(1052)S
1848(2407)S
2180(19)S
2424(0.1%)S
2767(0.007)S
6 F
2993 2502(i)U
433(i)S
443(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)S
2 F
463 2574(Total)U
1 F
1129(86280)S
1498(23553)S
1818(62727)S
3 F
2120(3340)S
2394(24.2%)S
1 F
2767(0.053)S
6 F
2993 2586(i)U
433 438(c)U
498(c)T
558(c)T
618(c)T
678(c)T
738(c)T
798(c)T
858(c)T
918(c)T
978(c)T
1038(c)T
1098(c)T
1158(c)T
1218(c)T
1278(c)T
1338(c)T
1398(c)T
1458(c)T
1518(c)T
1578(c)T
1638(c)T
1698(c)T
1758(c)T
1818(c)T
1878(c)T
1938(c)T
1998(c)T
2058(c)T
2118(c)T
2178(c)T
2238(c)T
2298(c)T
2358(c)T
2418(c)T
2478(c)T
2538(c)T
2586(ci)T
443(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)S
3023(c)S
2538(c)T
2478(c)T
2418(c)T
2358(c)T
2298(c)T
2238(c)T
2178(c)T
2118(c)T
2058(c)T
1998(c)T
1938(c)T
1878(c)T
1818(c)T
1758(c)T
1698(c)T
1638(c)T
1578(c)T
1518(c)T
1458(c)T
1398(c)T
1338(c)T
1278(c)T
1218(c)T
1158(c)T
1098(c)T
1038(c)T
978(c)T
918(c)T
858(c)T
798(c)T
738(c)T
678(c)T
618(c)T
558(c)T
498(c)T
438(c)T
1 F
432 2787(i)U
432 2715(The)U
549(results)S
729(are)S
826(quite)S
970(disheartening.)S
1353(The)S
1470(total)S
1601(size)S
1717(of)S
1789(the)S
1885(dictionary)S
2152(was)S
2267(only)S
2396(62,727)S
2583(words)S
2751(\(not)S
2870(count-)S
449 2787(ng)U
538(various)S
744(permutati)S
976(ons\).)S
1143(This)S
1279(is)S
1348(much)S
1511(smaller)S
1718(than)S
1851(the)S
1954(250,000)S
2178(word)S
2329(dictionary)S
2602(postulated)S
2878(at)S
2950(the)S
2997 2859(e)U
432 2931(c)U
432 2859(beginning)U
698(of)S
773(this)S
885(paper,)S
1059(yet)S
1158(armed)S
1334(even)S
1472(with)S
1603(this)S
1714(small)S
1869(dictionary,)S
2153(nearly)S
2328(25%)S
2462(of)S
2536(the)S
2634(passwords)S
2907(wer)S
459 2931(racked!)U
6 F
48 Z
432 3735(h)U
(hhhhhhhhhhhhhhhhh)R
1 F
492 3804(*)U
540(In)S
597(all)S
661(cases,)S
791(the)S
866(cost/bene\256t)S
1103(ratio)S
1207(is)S
1256(the)S
1331(number)S
1494(of)S
1551(matches)S
1724(divided)S
1883(by)S
1947(the)S
2021(search)S
2159(size.)S
2277(The)S
2367(more)S
2481(words)S
2615(that)S
2702(need-)S
432 3864(ed)U
493(to)S
546(be)S
607(tested)S
734(for)S
806(a)S
843(match,)S
987(the)S
1061(lower)S
1186(the)S
1260(cost/bene\256t)S
1496(ratio.)S
492 3933(\262)U
540(The)S
633(dictionary)S
845(used)S
952(for)S
1027(user/account)S
1287(name)S
1409(checks)S
1558(naturally)S
1746(changed)S
1924(for)S
1999(each)S
2105(user.)S
2232(Up)S
2309(to)S
2364(130)S
2454(different)S
2636(permuta-)S
432 3993(tions)U
541(were)S
650(tried)S
753(for)S
825(each.)S
5 F
492 4062(\263)U
1 F
540(While)S
672(monosyllablic)S
958(Chinese)S
1128(passwords)S
1345(were)S
1454(tried)S
1557(for)S
1629(all)S
1692(users)S
1807(\(with)S
1924(12)S
1988(matches\),)S
2188(polysyllabic)S
2437(Chinese)S
2607(passwords)S
2795 4122(t)U
432 4182(r)U
432 4122(were)U
543(tried)S
648(only)S
751(for)S
825(users)S
942(with)S
1045(Chinese)S
1217(names.)S
1385(The)S
1477(percentage)S
1701(of)S
1758(matches)S
1931(for)S
2004(this)S
2090(subset)S
2227(of)S
2284(users)S
2400(is)S
2449(8%)S
2530(\261)S
2571(a)S
2609(greater)S
2758(hi)S
448 4182(atio)U
535(than)S
633(any)S
718(other)S
832(method.)S
1019(Because)S
1194(the)S
1268(dictionary)S
1477(size)S
1567(is)S
1615(over)S
1716(16)S
4 F
(\264)R
1 F
(10)R
1857(,)S
1885(though,)S
2046(the)S
2120(cost/bene\256t)S
2356(ratio)S
2459(is)S
2507(in\256nitesimal.)S
36 Z
1839 4164(6)U
EP
%%Page: ? 8
BP
6 F
60 Z
1228 378(i)U
1 F
1673 222(-)U
1713(8)S
1763(-)S
6 F
1237 378(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)U
1228 462(i)U
3 F
72 Z
450(Length)T
1502(of)S
1586(Cracked)S
1874(Passwords)S
6 F
60 Z
1237 462(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)U
1228 540(i)U
3 F
1319 534(Length)U
1658(Count)S
1912(Perce)S
2057(ntage)S
6 F
1237 540(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)U
1228 552(i)U
1237(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)S
1 F
1258 690(2)U
1258 618(1)U
1308(charact)S
1483(er)S
1767(4)S
2007(0.1%)S
1308 690(charact)U
1483(ers)S
1767(5)S
2007(0.2%)S
2082 762(%)U
1258 834(4)U
1258 762(3)U
1308(charact)S
1483(ers)S
1737(66)S
2007(2.0)S
1308 834(charact)U
1483(ers)S
1707(188)S
2007(5.7%)S
2082 906(%)U
1258 978(6)U
1258 906(5)U
1308(charact)S
1483(ers)S
1707(317)S
2007(9.5)S
1308 978(charact)U
1483(ers)S
1677(1160)S
1977(34.7%)S
2082 1050(%)U
1258 1122(8)U
1258 1050(7)U
1308(charact)S
1483(ers)S
1707(813)S
1977(24.4)S
1308 1122(charact)U
1483(ers)S
1707(780)S
1977(23.4%)S
6 F
2197 1134(i)U
1228 438(c)U
498(c)T
558(c)T
618(c)T
678(c)T
738(c)T
798(c)T
858(c)T
918(c)T
978(c)T
1038(c)T
1098(c)T
1134(ci)T
1237(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)S
2227(c)S
1098(c)T
1038(c)T
978(c)T
918(c)T
858(c)T
798(c)T
738(c)T
678(c)T
618(c)T
558(c)T
498(c)T
438(c)T
1 F
3004 1263(f)U
432 1335(t)U
432 1263(The)U
549(results)S
729(of)S
802(the)S
899(word-pair)S
1159(tests)S
1289(are)S
1386(not)S
1486(included)S
1717(in)S
1787(either)S
1947(of)S
2019(the)S
2115(two)S
2227(tables.)S
2425(However,)S
2682(at)S
2748(the)S
2844(time)S
2974(o)S
449 1335(his)U
544(writing,)S
758(the)S
857(test)S
966(was)S
1083(approximate)S
1385(ly)S
1456(10%)S
1590(complete)S
1812(d,)S
1881(having)S
2069(found)S
2233(an)S
2314(additional)S
2580(0.4%)S
2729(of)S
2803(the)S
2901(pass-)S
432 1479(b)U
432 1407(words)U
602(in)S
673(the)S
771(sample)S
966(set.)S
1092(It)S
1153(is)S
1217(probably)S
1454(reasonable)S
1735(to)S
1805(guess)S
1961(that)S
2075(a)S
2125(total)S
2256(of)S
2329(4%)S
2432(of)S
2505(the)S
2602(passwords)S
2874(would)S
462 1479(e)U
509(cracked)S
717(by)S
797(using)S
947(word)S
1090(pairs.)S
3 F
1318 1623(n)U
1 F
432 1716(W)U
3 F
432 1623(3.)U
517(Action,)S
722(Reaction,)S
984(and)S
1100(Proactio)S
1 F
489 1716(hat)U
586(then,)S
728(are)S
825(we)S
918(to)S
988(do)S
1071(with)S
1201(the)S
1298(results)S
1478(presented)S
1731(in)S
1800(this)S
1909(paper?)S
2112(Clearly,)S
2327(something)S
2600(needs)S
2759(to)S
2828(be)S
2907(done)S
3007 1788(t)U
432 1860(t)U
432 1788(to)U
504(safeguard)S
763(the)S
862(security)S
1078(of)S
1153(our)S
1258(systems)S
1473(from)S
1615(attack.)S
1820(It)S
1882(was)S
2000(with)S
2132(intention)S
2372(of)S
2446(enhancing)S
2718(security)S
2933(tha)S
449 1860(his)U
541(study)S
693(was)S
808(undertaken.)S
1133(By)S
1225(knowing)S
1457(what)S
1596(kind)S
1724(of)S
1795(passwords)S
2065(users)S
2209(use,)S
2325(we)S
2416(are)S
2511(able)S
2633(to)S
2701(prevent)S
2903(them)S
432 2025(O)U
432 1932(from)U
569(using)S
719(those)S
866(that)S
977(are)S
1071(easily)S
1232(guessable)S
1486(\(and)S
1613(thus)S
1733(thwart)S
1907(the)S
2001(cracker\).)S
475 2025(ne)U
554(approach)S
797(to)S
866(elimina)S
1048(ting)S
1163(easy-to-guess)S
1511(passwords)S
1781(is)S
1842(to)S
1910(periodical)S
2152(ly)S
2220(run)S
2321(a)S
2369(password)S
2616(checker)S
2825(\261)S
2876(a)S
2924(pro-)S
432 2169(t)U
432 2097(gram)U
580(which)S
750(scans)S
903(/)S
2 F
(etc)R
1 F
(/)R
2 F
(passwd)R
1 F
1207(and)S
1317(tries)S
1444(to)S
1514(break)S
1671(the)S
1768(passwords)S
2040(in)S
2110(it)S
2164([Raleigh1988].)S
2570(This)S
2700(approach)S
2944(has)S
449 2169(wo)U
544(major)S
707(drawbacks.)S
1021(The)S
1137(\256rst)S
1252(is)S
1314(that)S
1427(the)S
1523(checking)S
1763(is)S
1825(very)S
1954(time)S
2084(consuming.)S
2405(Even)S
2551(a)S
2600(system)S
2789(with)S
2917(only)S
2994 2241(o)U
432 2313(c)U
432 2241(100)U
548(accounts)S
785(can)S
895(take)S
1022(over)S
1155(a)S
1208(month)S
1388(to)S
1461(diligentl)S
1663(y)S
1719(check.)S
1920(A)S
1988(halfhearte)S
2230(d)S
2285(check)S
2451(is)S
2516(almost)S
2702(as)S
2777(bad)S
2889(as)S
2964(n)S
459 2313(heck)U
597(at)S
665(all,)S
765(since)S
913(users)S
1060(will)S
1178(\256nd)S
1295(it)S
1353(easy)S
1483(to)S
1553(circumvent)S
1848(the)S
1945(easy)S
2075(checks)S
2262(and)S
2372(still)S
2486(have)S
2623(vulnerable)S
2901(pass-)S
432 2457(f)U
432 2385(words.)U
637(The)S
755(second)S
946(drawback)S
1203(is)S
1266(that)S
1380(it)S
1437(is)S
1500(very)S
1630(resource)S
1857(consuming.)S
2179(The)S
2296(machine)S
2524(which)S
2694(is)S
2757(being)S
2914(used)S
452 2457(or)U
528(password)S
780(checking)S
1024(is)S
1090(not)S
1193(likely)S
1357(to)S
1430(be)S
1513(very)S
1646(useful)S
1819(for)S
1914(much)S
2073(else,)S
2207(since)S
2356(a)S
2408(fast)S
2520(password)S
2771(checker)S
2984(is)S
432 2622(A)U
432 2529(also)U
549(extremel)S
761(y)S
811(CPU)S
947(intensive.)S
475 2622(nother)U
652(popular)S
859(approach)S
1103(to)S
1173(eradica)S
1348(ting)S
1464(easy-to-guess)S
1813(passwords)S
2084(is)S
2146(to)S
2215(force)S
2361(users)S
2506(to)S
2575(change)S
2768(their)S
2901(pass-)S
3004 2694(-)U
432 2766(w)U
432 2694(words)U
604(with)S
737(some)S
890(frequency.)S
1192(In)S
1267(theory,)S
1461(while)S
1620(this)S
1732(does)S
1867(not)S
1969(actuall)S
2131(y)S
2186(elimina)S
2368(te)S
2437(any)S
2549(easy-to-guess)S
2901(pass)S
475 2766(ords,)U
619(it)S
679(prevents)S
909(the)S
1009(cracker)S
1212(from)S
1354(dissecting)S
1620(/)S
2 F
(etc)R
1 F
(/)R
2 F
(passwd)R
1 F
1926(``at)S
2035(leisure,'')S
2276(since)S
2425(once)S
2564(an)S
2646(account)S
2859(is)S
2924(bro-)S
3009 2838(.)U
432 2910(T)U
432 2838(ken,)U
558(it)S
616(is)S
680(likely)S
842(that)S
957(that)S
1072(account)S
1284(will)S
1402(have)S
1540(had)S
1651(it's)S
1752(password)S
2002(changed.)S
2262(This)S
2393(is)S
2457(of)S
2530(course,)S
2725(only)S
2855(theory)S
469 2910(he)U
547(biggest)S
742(disadvantage)S
1078(is)S
1139(that)S
1251(there)S
1393(is)S
1454(usually)S
1649(nothing)S
1854(to)S
1921(prevent)S
2122(a)S
2169(user)S
2289(from)S
2426(changing)S
2667(their)S
2798(password)S
2997 2982(e)U
432 3054(s)U
432 2982(from)U
574(``Daniel'')S
840(to)S
912(``Victor'')S
1171(to)S
1243(``Klein'')S
1482(and)S
1594(back)S
1733(again)S
1889(\(to)S
1981(use)S
2086(myself)S
2275(as)S
2350(an)S
2432(example\))S
2682(each)S
2818(time)S
2950(th)S
455 3054(ystem)U
622(demands)S
859(a)S
909(new)S
1032(password.)S
1316(Experience)S
1610(has)S
1712(shown)S
1890(that)S
2003(even)S
2139(when)S
2291(this)S
2400(type)S
2526(of)S
2598(password)S
2846(cycling)S
2994 3126(y)U
432 3198(g)U
432 3126(is)U
499(precluded,)S
779(users)S
928(are)S
1028(easily)S
1195(able)S
1322(to)S
1395(circumvent)S
1693(simple)S
1880(tests)S
2013(by)S
2099(using)S
2255(easily)S
2422(remembere)S
2694(d)S
2750(\(and)S
2883(easil)S
462 3198(uessed\))U
668(passwords)S
943(such)S
1079(as)S
1155(``dvkJanuary,'')S
1553(``dvkFebruary,'')S
1981(etc)S
2072([Reid1989].)S
2407(A)S
2476(good)S
2621(password)S
2872(is)S
2937(one)S
432 3342(a)U
432 3270(that)U
545(is)S
607(easily)S
770(remembere)S
1042(d,)S
1109(yet)S
1205(dif\256cult)S
1418(to)S
1487(guess.)S
1677(When)S
1843(confronted)S
2125(with)S
2253(a)S
2301(choice)S
2480(between)S
2702(rememberi)S
2964(ng)S
481 3342(password)U
729(or)S
800(creating)S
1016(one)S
1124(that)S
1236(is)S
1297(hard)S
1425(to)S
1493(guess,)S
1662(users)S
1806(will)S
1921(almost)S
2103(always)S
2291(opt)S
2389(for)S
2480(the)S
2575(easy)S
2703(way)S
2824(out,)S
2937(and)S
432 3507(W)U
432 3414(throw)U
592(security)S
803(to)S
870(the)S
964(wind.)S
489 3507(hich)U
615(brings)S
787(us)S
862(to)S
931(the)S
1027(third)S
1163(popular)S
1368(option,)S
1558(namely)S
1757(that)S
1869(of)S
1940(assigned)S
2168(passwords.)S
2473(These)S
2638(are)S
2733(often)S
2878(words)S
432 3651(a)U
432 3579(from)U
573(a)S
624(dictionary,)S
908(pronounceable)S
1287(nonsense)S
1531(words,)S
1716(or)S
1790(random)S
1997(strings)S
2180(of)S
2253(charact)S
2428(ers.)S
2556(The)S
2673(problems)S
2920(here)S
459 3651(re)U
528(numerous)S
787(and)S
896(manifest.)S
1161(Words)S
1343(from)S
1482(a)S
1531(dictionary)S
1798(are)S
1894(easily)S
2057(guessed,)S
2284(as)S
2356(we)S
2448(have)S
2584(seen.)S
2747(Pronounce-)S
432 3795(s)U
432 3723(able)U
555(nonsense)S
797(words)S
965(\(such)S
1117(as)S
1189(``trobacar'')S
1489(or)S
1561(``myclepat)S
1823(e''\))S
1931(are)S
2026(often)S
2171(dif\256cult)S
2383(to)S
2451(remember,)S
2732(and)S
2840(random)S
455 3795(trings)U
613(of)S
684(charact)S
859(ers)S
950(\(such)S
1101(as)S
1172(``h3rT+aQz''\))S
1539(are)S
1633(even)S
1767(harder)S
1941(to)S
2008(commit)S
2213(to)S
2280(memory.)S
2536(Because)S
2757(these)S
2901(pass-)S
432 3939(t)U
432 3867(words)U
603(have)S
742(no)S
827(personal)S
1056(mnemonic)S
1336(association)S
1629(to)S
1701(the)S
1800(users,)S
1963(they)S
2092(will)S
2210(often)S
2358(write)S
2506(them)S
2651(down)S
2808(to)S
2879(aid)S
2977(in)S
449 3939(heir)U
563(recollec)S
755(tion.)S
904(This)S
1031(immedia)S
1243(tely)S
1354(discards)S
1571(any)S
1678(security)S
1889(that)S
2000(might)S
2161(exist,)S
2310(because)S
2521(now)S
2644(the)S
2738(password)S
2984(is)S
3004 4011(-)U
432 4083(i)U
432 4011(visibly)U
617(associated)S
886(with)S
1014(the)S
1109(system)S
1297(in)S
1364(question.)S
1623(It)S
1680(is)S
1740(akin)S
1864(to)S
1931(leaving)S
2129(the)S
2223(key)S
2330(under)S
2487(the)S
2581(door)S
2711(mat,)S
2837(or)S
2907(writ)S
449 4083(ng)U
529(the)S
623(combinati)S
865(on)S
945(to)S
1012(a)S
1059(safe)S
1176(behind)S
1360(the)S
1454(picture)S
1642(that)S
1753(hides)S
1900(it.)S
3004 4176(f)U
432 4248(e)U
432 4176(A)U
501(fourth)S
674(method)S
881(is)S
947(the)S
1047(use)S
1153(of)S
1229(``smart)S
1429(cards.'')S
1657(These)S
1827(credit)S
1991(card)S
2121(sized)S
2271(devices)S
2477(contain)S
2680(some)S
2832(form)S
2974(o)S
459 4248(ncryption)U
721(\256rmware)S
969(which)S
1147(will)S
1271(``respond'')S
1571(to)S
1648(an)S
1735(electroni)S
1947(c)S
2004(``challenge)S
2276('')S
2346(issued)S
2526(by)S
2616(the)S
2720(system)S
2917(onto)S
2994 4320(o)U
432(which)S
601(the)S
697(user)S
819(is)S
881(attempt)S
1063(ing)S
1162(to)S
1231(gain)S
1357(accce)S
1492(ss.)S
1595(Without)S
1815(the)S
1911(smart)S
2067(card,)S
2208(the)S
2303(user)S
2424(\(or)S
2515(cracker\))S
2734(is)S
2795(unable)S
2977(t)S
EP
%%Page: ? 9
BP
1 F
60 Z
1673 222(-)U
1713(9)S
1763(-)S
3004 438(-)U
432 510(i)U
432 438(respond)U
643(to)S
711(the)S
805(challenge)S
1037(,)S
1072(and)S
1179(is)S
1239(denied)S
1420(access)S
1594(to)S
1661(the)S
1755(system.)S
1977(The)S
2091(problems)S
2335(with)S
2462(smart)S
2616(cards)S
2763(have)S
2897(noth)S
449 510(ng)U
530(to)S
598(do)S
679(with)S
807(security,)S
1034(for)S
1125(in)S
1193(fact)S
1305(they)S
1430(are)S
1525(very)S
1653(good)S
1794(warders)S
2005(for)S
2096(your)S
2226(system.)S
2448(The)S
2562(drawbacks)S
2839(are)S
2933(that)S
432 654(a)U
432 582(they)U
561(can)S
670(be)S
752(expensive)S
1018(and)S
1130(must)S
1271(be)S
1352(carried)S
1544(at)S
1612(all)S
1697(times)S
1852(that)S
1967(access)S
2145(to)S
2216(the)S
2314(system)S
2505(is)S
2569(desired.)S
2802(They)S
2950(are)S
459 654(lso)U
555(a)S
608(bit)S
697(of)S
772(overkill)S
985(for)S
1080(research)S
1306(or)S
1381(educationa)S
1643(l)S
1685(systems,)S
1915(or)S
1990(systems)S
2205(with)S
2337(a)S
2389(high)S
2521(degree)S
2707(of)S
2782(user)S
2907(turn-)S
432 819(C)U
432 726(over.)U
472 819(learly,)U
647(then,)S
788(since)S
934(all)S
1017(of)S
1089(these)S
1235(systems)S
1447(have)S
1583(drawbacks)S
1862(in)S
1931(some)S
2080(environments,)S
2445(an)S
2523(additional)S
2786(way)S
2907(must)S
3 F
432 1035(3)U
1 F
432 891(be)U
509(found)S
669(to)S
736(aid)S
830(in)S
897(password)S
1143(security.)S
3 F
462 1035(.1.)U
562(A)S
625(Proactive)S
890(Password)S
1156(Checker)S
1 F
432 1128(T)U
(he)R
553(best)S
677(solution)S
898(to)S
972(the)S
1073(problem)S
1301(of)S
1377(having)S
1567(easily)S
1734(guessed)S
1950(passwords)S
2225(on)S
2311(a)S
2364(system)S
2557(is)S
2623(to)S
2696(prevent)S
2903(them)S
3004 1200(-)U
432 1272(i)U
432 1200(from)U
570(getting)S
759(on)S
840(the)S
935(system)S
1123(in)S
1190(the)S
1284(\256rst)S
1397(place.)S
1580(If)S
1640(a)S
1687(program)S
1911(such)S
2041(as)S
2111(a)S
2158(password)S
2404(checker)S
2 F
2612(reacts)S
1 F
2779(by)S
2859(detect)S
449 1272(ng)U
532(guessable)S
789(passwords)S
1061(already)S
1262(in)S
1332(place,)S
1498(then)S
1625(although)S
1859(the)S
1956(security)S
2170(hole)S
2297(is)S
2360(found,)S
2538(the)S
2635(hole)S
2761(existed)S
2954(for)S
3009 1344(,)U
432 1416(t)U
432 1344(as)U
503(long)S
631(as)S
702(it)S
757(took)S
885(the)S
980(program)S
1205(to)S
1273(detect)S
1438(it)S
1492(\(and)S
1619(for)S
1709(the)S
1803(user)S
1923(to)S
1990(again)S
2141(change)S
2332(the)S
2426(password\).)S
2727(If,)S
2802(however)S
449 1416(he)U
532(program)S
762(which)S
935(changes)S
1155(user's)S
1324(passwords)S
1599(\(i.e.,)S
1734(/)S
2 F
(bin)R
1 F
(/)R
2 F
(passwd)R
1 F
(\))R
2067(checks)S
2257(for)S
2353(the)S
2453(safety)S
2623(and)S
2736(guessability)S
432 1581(I)U
2 F
432 1488(before)U
1 F
606(that)S
717(password)S
963(is)S
1023(associated)S
1291(with)S
1418(the)S
1512(user's)S
1675(account,)S
1898(then)S
2022(the)S
2116(security)S
2327(hole)S
2451(is)S
2511(never)S
2665(put)S
2762(in)S
2829(place.)S
452 1581(n)U
508(an)S
591(ideal)S
735(world,)S
916(the)S
1016(proactive)S
1267(password)S
1519(changer)S
1736(would)S
1912(require)S
2109(eight)S
2256(charact)S
2431(er)S
2504(passwords)S
2778(which)S
2950(are)S
432 1725(l)U
432 1653(not)U
531(in)S
600(any)S
709(dictionary,)S
991(with)S
1120(at)S
1186(least)S
1319(one)S
1428(control)S
1621(charact)S
1796(er)S
1864(or)S
1935(punctuation)S
2241(charact)S
2416(er,)S
2499(and)S
2607(mixed)S
2779(upper)S
2937(and)S
449 1725(ower)U
593(case)S
721(letters.)S
928(Such)S
1072(a)S
1123(degree)S
1308(of)S
1382(security)S
1597(\(and)S
1728(of)S
1802(accompa)S
2017(nying)S
2178(inconvenienc)S
2500(e)S
2550(to)S
2620(the)S
2717(users\))S
2883(might)S
432 1869(b)U
432 1797(be)U
513(too)S
614(much)S
772(for)S
866(some)S
1017(sites,)S
1162(though.)S
1387(Therefore,)S
1663(the)S
1760(proactive)S
2008(checker)S
2219(should)S
2402(be)S
2482(tuneable)S
2710(on)S
2793(a)S
2843(per-site)S
462 1869(asis.)U
609(This)S
738(tuning)S
914(could)S
1070(be)S
1149(accompli)S
1371(shed)S
1502(either)S
1661(through)S
1869(recompila)S
2111(tion)S
2226(of)S
2297(the)S
2 F
2392(passwd)S
1 F
2589(program,)S
2829(or)S
2900(more)S
432 2034(A)U
432 1941(preferably,)U
715(through)S
922(a)S
969(site)S
1073(con\256guration)S
1414(\256le.)S
475 2034(s)U
526(distributed,)S
827(the)S
929(behavior)S
1168(of)S
1246(the)S
1348(proactive)S
1601(checker)S
1817(should)S
2005(be)S
2090(that)S
2209(of)S
2287(attaini)S
2439(ng)S
2526(maximum)S
2798(password)S
2994 2106(o)U
432 2178(b)U
432 2106(security)U
644(\261)S
695(with)S
823(the)S
918(system)S
1106(administrat)S
1378(or)S
1449(being)S
1604(able)S
1726(to)S
1794(turn)S
1912(off)S
2003(certain)S
2189(checks.)S
2408(It)S
2465(would)S
2635(be)S
2712(desireable)S
2977(t)S
462 2178(e)U
512(able)S
635(to)S
704(test)S
810(for)S
902(and)S
1011(reject)S
1168(all)S
1251(password)S
1499(permutati)S
1731(ons)S
1836(that)S
1949(were)S
2088(detecte)S
2260(d)S
2312(in)S
2381(this)S
2490(research)S
2713(\(and)S
2842(others\),)S
432 2250(including:)U
6 F
582 2358(g)U
1777(g)S
1 F
694 2430(n)U
694 2358(Passwords)U
974(based)S
1139(on)S
1227(the)S
1329(user's)S
1499(account)S
724 2430(ame)U
1889 2358(Passwords)U
2174(based)S
2344(on)S
2436(the)S
2542(user's)S
2717(initial)S
2859(s)S
6 F
582 2502(g)U
1777(g)S
1 F
1889 2430(or)U
1959(given)S
2113(name)S
694 2502(Passwords)U
971(which)S
1142(exactly)S
1341(match)S
1513(a)S
1564(word)S
1661 2574(\))U
694(in)S
761(a)S
808(dictionary)S
1073(\(not)S
1190(just)S
1297(/)S
2 F
(usr)R
1 F
(/)R
2 F
(dict)R
1 F
(/)R
2 F
(words)R
1 F
1889 2502(Passwords)U
2171(which)S
2347(match)S
2524(a)S
2580(word)S
2732(in)S
2808(the)S
2862 2574(-)U
1889 2646(t)U
1889 2574(dictionary)U
2157(with)S
2287(some)S
2436(or)S
2508(all)S
2591(letters)S
2761(capi)S
1906 2646(alized)U
6 F
582 2718(g)U
1777(g)S
1 F
694(Passwords)S
1000(which)S
1201(match)S
1403(a)S
1483(reversed)S
694 2790(word)U
837(in)S
904(the)S
998(dictionary)S
1889 2718(Passwords)U
2195(which)S
2396(match)S
2598(a)S
2678(reversed)S
2865 2790(l)U
1889 2862(l)U
1889 2790(word)U
2035(in)S
2105(the)S
2202(dictionary)S
2470(with)S
2600(some)S
2749(or)S
2821(al)S
1906 2862(etters)U
2057(capital)S
2219(ized)S
6 F
582 2934(g)U
1777(g)S
1 F
694(Passwords)S
983(which)S
1167(match)S
1352(a)S
1416(word)S
1576(in)S
1660(a)S
1667 3006(r)U
694 3078(t)U
694 3006(dictionary)U
1002(with)S
1172(an)S
1292(arbitrary)S
1562(lette)S
711 3078(urned)U
868(into)S
982(a)S
1029(control)S
1220(charact)S
1395(er)S
1889 2934(Passwords)U
2185(which)S
2376(match)S
2567(a)S
2637(dictionary)S
2852 3006(d)U
1889 3078(`)U
1889 3006(word)U
2032(with)S
2159(the)S
2253(numbers)S
2480(`0',)S
2585(`1',)S
2690(`2',)S
2795(an)S
1909 3078(5')U
1995(substituted)S
2292(for)S
2398(the)S
2507(letters)S
2690(`o',)S
2810('l',)S
6 F
582 3150(g)U
1777(g)S
1 F
694(Passwords)S
983(which)S
1167(are)S
1278(simple)S
1476(conjuga-)S
1672 3222(,)U
694 3294(a)U
694 3222(tions)U
835(of)S
909(a)S
960(dictionary)S
1229(word)S
1376(\(i.e.,)S
1508(plurals)S
721 3294(dding)U
891(``ing'')S
1081(or)S
1164(``ed'')S
1333(to)S
1412(the)S
1518(end)S
1637(of)S
694 3366(the)U
788(word,)S
946(etc.\))S
1889 3150(Passwords)U
2169(which)S
2344(are)S
2446(patterns)S
2664(from)S
2808(the)S
6 F
582 3438(g)U
1777(g)S
1 F
1889 3222(keyboard)U
2133(\(i.e.,)S
2262(``aaaaa)S
2437(a'')S
2524(or)S
2594(``qwerty''\))S
694 3438(Passwords)U
991(which)S
1183(are)S
1301(shorter)S
1512(than)S
1660(a)S
1667 3510(r)U
694 3582(t)U
694 3510(speci\256c)U
928(length)S
1129(\(i.e.,)S
1287(nothing)S
1520(shorte)S
711 3582(han)U
818(six)S
908(charact)S
1083(ers\))S
1889 3438(Passwords)U
2200(which)S
2405(consist)S
2630(solely)S
2832(of)S
1889 3582(n)U
1889 3510(numeric)U
2110(charact)S
2285(ers)S
2377(\(i.e.,)S
2508(Social)S
2681(Security)S
1919 3582(umbers,)U
2169(telephone)S
2462(numbers,)S
2742(house)S
6 F
582 3726(g)U
1777(g)S
1 F
1889 3654(addresses)U
2139(or)S
2209(of\256ce)S
2366(numbers\))S
694 3726(Passwords)U
972(which)S
1145(do)S
1231(not)S
1333(contain)S
1536(mixed)S
1664 3798(s)U
694 3870(a)U
694 3798(upper)U
859(and)S
974(lower)S
1138(case,)S
1284(or)S
1361(mixed)S
1539(letter)S
721 3870(nd)U
831(numbers,)S
1103(or)S
1203(mixed)S
1403(letters)S
1600(and)S
694 3942(punctuation)U
1889 3726(Passwords)U
2189(which)S
2384(look)S
2539(like)S
2677(a)S
2751(state-)S
1889 3798(issued)U
2059(license)S
2247(plate)S
2385(number)S
3009 4071(,)U
432 4143(m)U
432 4071(The)U
555(con\256guration)S
905(\256le)S
1011(which)S
1187(speci\256es)S
1423(the)S
1526(level)S
1673(of)S
1752(checking)S
1999(need)S
2142(not)S
2248(be)S
2333(readable)S
2566(by)S
2654(users.)S
2840(In)S
2918(fact)S
479 4143(aking)U
639(this)S
752(\256le)S
855(unreadable)S
1146(by)S
1231(users)S
1379(\(and)S
1511(by)S
1596(potential)S
1833(crackers\))S
2079(enhances)S
2325(system)S
2517(security)S
2733(by)S
2818(hiding)S
2997(a)S
3004 4215(-)U
432 4287(n)U
432 4215(valuable)U
659(guide)S
815(to)S
884(what)S
1023(passwords)S
2 F
1294(are)S
1 F
1396(accept)S
1551(able)S
1673(\(and)S
1801(conversely,)S
2098(which)S
2266(kind)S
2394(of)S
2465(passwords)S
2735(simply)S
2920(can)S
462 4287(ot)U
529(be)S
606(found\).)S
EP
%%Page: ? 10
BP
1 F
60 Z
1658 222(-)U
1698(10)S
1778(-)S
3004 438(-)U
432 510(t)U
432 438(Of)U
524(course,)S
725(to)S
801(make)S
961(this)S
1077(proactive)S
1331(checker)S
1548(more)S
1701(effective)S
1913(,)S
1957(it)S
2019(woule)S
2194(be)S
2279(necessary)S
2541(to)S
2616(provide)S
2828(the)S
2930(dic)S
449 510(ionaries)U
667(that)S
785(were)S
929(used)S
1066(in)S
1140(this)S
1254(research)S
1482(\(perhaps)S
1716(augmented)S
2008(on)S
2095(a)S
2149(per-site)S
2357(basis\).)S
2559(Even)S
2710(more)S
2860(impor-)S
3004 582(r)U
432 654(w)U
432 582(tantly,)U
606(in)S
674(addition)S
893(to)S
961(rejecti)S
1113(ng)S
1194(passwords)S
1464(which)S
1631(could)S
1785(be)S
1862(easily)S
2023(guessed,)S
2248(the)S
2342(proactive)S
2587(password)S
2833(change)S
475 654(ould)U
605(also)S
725(have)S
862(to)S
932(tell)S
1032(the)S
1128(user)S
2 F
1250(why)S
1 F
1369(a)S
1418(particula)S
1630(r)S
1672(password)S
1920(was)S
2035(unaccept)S
2250(able,)S
2388(and)S
2497(give)S
2623(the)S
2719(user)S
2841(sugges-)S
3 F
432 870(4)U
1 F
432 726(tions)U
569(as)S
639(to)S
706(what)S
843(an)S
920(accept)S
1075(able)S
1196(password)S
1442(looks)S
1592(like.)S
3 F
462 870(.)U
517(Conclusion)S
823(\(and)S
959(Sermon\))S
1 F
432 963(I)U
(t)R
494(has)S
599(often)S
748(been)S
887(said)S
1009(that)S
1125(``good)S
1310(fences)S
1489(make)S
1644(good)S
1788(neighbors.'')S
2124(On)S
2221(a)S
2272(Unix)S
2416(system,)S
2622(many)S
2780(users)S
2927(also)S
2994 1035(n)U
432 1107(a)U
432 1035(say)U
536(that)S
651(``I)S
735(don't)S
885(care)S
1009(who)S
1135(reads)S
1285(my)S
1385(\256les,)S
1523(so)S
1599(I)S
1642(don't)S
1792(need)S
1929(a)S
1979(good)S
2122(password.'')S
2446(Regrettabl)S
2698(y,)S
2766(leaving)S
2967(a)S
459 1107(ccount)U
646(vulnerable)S
927(to)S
1000(attack)S
1171(is)S
1237(not)S
1340(the)S
1440(same)S
1590(thing)S
1740(as)S
1816(leaving)S
2020(\256les)S
2146(unprotected.)S
2492(In)S
2568(the)S
2668(latter)S
2819(case,)S
2963(all)S
3007 1179(t)U
432 1251(r)U
432 1179(that)U
546(is)S
609(at)S
676(risk)S
789(is)S
852(the)S
949(data)S
1073(contained)S
1331(in)S
1401(the)S
1498(unprotected)S
1805(\256les,)S
1942(while)S
2098(in)S
2167(the)S
2263(former,)S
2464(the)S
2560(whole)S
2729(system)S
2918(is)S
2980(a)S
452 1251(isk.)U
579(Leaving)S
799(the)S
895(front)S
1034(door)S
1166(to)S
1235(your)S
1367(house)S
1529(open,)S
1683(or)S
1755(even)S
1891(putting)S
2084(a)S
2133(\257imsy)S
2305(lock)S
2431(on)S
2513(it,)S
2584(is)S
2646(an)S
2724(invitati)S
2896(on)S
2977(to)S
3001 1323(s)U
432 1395(v)U
432 1323(the)U
538(unfortunately)S
895(ubiquitous)S
1181(people)S
1374(with)S
1513(poor)S
1655(morals.)S
1886(The)S
2012(same)S
2168(holds)S
2329(true)S
2454(for)S
2555(an)S
2643(account)S
2862(that)S
2984(i)S
462 1395(ulnerable)U
707(to)S
774(attack)S
939(by)S
1019(password)S
1265(cracking)S
1493(techniques.)S
3001 1488(s)U
432 1560(k)U
432 1488(While)U
606(it)S
666(may)S
796(not)S
899(be)S
982(actuall)S
1144(y)S
1200(true)S
1320(that)S
1437(good)S
1582(fences)S
1761(make)S
1917(good)S
2062(neighbors,)S
2339(a)S
2391(good)S
2536(fence)S
2692(at)S
2761(least)S
2897(help)S
462 1560(eep)U
577(out)S
685(the)S
790(bad)S
908(neighbors.)S
1211(Good)S
1375(passwords)S
1655(are)S
1760(equivalent)S
2042(to)S
2119(those)S
2276(good)S
2426(fences,)S
2625(and)S
2742(a)S
2799(proactive)S
3 F
432 1776(R)U
1 F
432 1632(checker)U
640(is)S
700(one)S
807(way)S
927(to)S
994(ensure)S
1171(that)S
1282(those)S
1429(fences)S
1603(are)S
1697(in)S
1764(place)S
2 F
1912(before)S
1 F
2086(a)S
2133(breakin)S
2334(problem)S
2555(occurs.)S
3 F
475 1776(eference)U
690(s)S
1 F
715 1890(.)U
432(Morris1979)S
582 1962(Robert)U
769(T.)S
844(Morris)S
1030(and)S
1140(Ken)S
1262(Thompson,)S
1556(``Password)S
1847(Security:)S
2087(A)S
2152(Case)S
2291(History,'')S
2 F
2548(Communications)S
2977(of)S
582 2034(the)U
676(ACM)S
1 F
(,)R
838(vol.)S
950(22,)S
1045(no.)S
1140(11,)S
1235(pp.)S
1330(594-597,)S
1565(November)S
1839(1979.)S
665 2127(.)U
432(DES1975)S
582 2199(``Proposed)U
896(Federal)S
1128(Information)S
1467(Processing)S
1778(Data)S
1943(Encryption)S
2262(Standard,'')S
2 F
2582(Federal)S
2823(Register)S
1 F
432 2364(B)U
2 F
582 2271(\(40FR12134\))U
1 F
(,)R
941(March)S
1118(17,)S
1213(1975.)S
472 2364(ishop1988.)U
582 2436(M)U
(att)R
721(Bishop,)S
931(``An)S
1069(Application)S
1378(of)S
1452(a)S
1503(Fast)S
1627(Data)S
1765(Encryption)S
2057(Standard)S
2295(Implement)S
2557(ation,'')S
2 F
2757(Computing)S
1 F
432 2601(F)U
2 F
582 2508(Systems)U
1 F
(,)R
807(vol.)S
919(1,)S
984(no.)S
1079(3,)S
1144(pp.)S
1239(221-254,)S
1474(Summer)S
1698(1988.)S
465 2601(eldmeie)U
657(r1989.)S
582 2673(D)U
(avid)R
750(C.)S
826(Feldmeier)S
1092(and)S
1200(Philip)S
1365(R.)S
1440(Karn,)S
1595(``UNIX)S
1804(Password)S
2053(Security)S
2274(\261)S
2324(Ten)S
2438(Years)S
2598(Later,'')S
2 F
2801(CRYPTO)S
582 2745(Proceedings)U
1 F
(,)R
918(Summer)S
1142(1989.)S
706 2838(.)U
432(Leong1991)S
582 2910(Philip)U
761(Leong)S
950(and)S
1072(Chris)S
1237(Tham,)S
1428(``UNIX)S
1651(Password)S
1914(Encryption)S
2216(Considered)S
2524(Insecure,'')S
2 F
2817(USENIX)S
1 F
432 3075(S)U
2 F
582 2982(Winter)U
766(Conference)S
1064(Proceedings)S
1 F
(,)R
1400(January)S
1607(1991.)S
465 3075(pafford1988.)U
582 3147(E)U
(ugene)R
797(H.)S
889(Spafford,)S
1148(``The)S
1316(Internet)S
1537(Worm)S
1724(Program:)S
1981(An)S
2087(Analysis,'')S
2385(Purdue)S
2588(Technica)S
2810(l)S
2860(Report)S
432 3312(G)U
582 3219(CSD-TR-823,)U
940(Purdue)S
1130(University,)S
1419(November)S
1693(29,)S
1788(1988.)S
475 3312(rampp1984.)U
582 3384(F)U
(.)R
654(Grampp)S
875(and)S
986(R.)S
1065(Morris,)S
1267(``Unix)S
1451(Operating)S
1716(System)S
1917(Security,'')S
2 F
2197(AT&T)S
2371(Bell)S
2493(Labs)S
2633(Technical)S
2894(Jour-)S
582 3456(nal)U
1 F
(,)R
694(vol.)S
806(63,)S
901(no.)S
996(8,)S
1061(pp.)S
1156(1649-1672,)S
1451(October)S
1665(1984.)S
713 3549(.)U
432(Riddle1989)S
582 3621(Bruce)U
758(L.)S
842(Riddle,)S
1050(Murray)S
1262(S.)S
1342(Miron,)S
1539(and)S
1658(Judith)S
1837(A.)S
1926(Semo,)S
2109(``Passwords)S
2432(in)S
2510(Use)S
2634(in)S
2712(a)S
2770(University)S
582 3693(Timesharing)U
907(Environment,'')S
2 F
1297(Computers)S
1580(&)S
1647(Security)S
1 F
(,)R
1880(vol.)S
1992(8,)S
2057(no.)S
2152(7,)S
2217(pp.)S
2312(569-579,)S
2547(November)S
2821(1989.)S
716 3786(.)U
432(Alvare1988)S
582 3858(Ana)U
716(Marie)S
894(De)S
998(Alvare)S
1196(and)S
1317(E.)S
1403(Eugene)S
1618(Schultz,)S
1847(Jr.,)S
1953(``A)S
2069(Framework)S
2379(for)S
2482(Password)S
2744(Selection,'')S
432 4023(R)U
2 F
582 3930(USENIX)U
809(UNIX)S
969(Security)S
1187(Workshop)S
1450(Proceedings)S
1 F
(,)R
1786(August)S
1979(1988.)S
472 4023(aleigh1988.)U
582 4095(T)U
(.)R
667(Raleigh)S
888(and)S
1008(R.)S
1096(Underwood,)S
1427(``CRACK:)S
1723(A)S
1799(Distributed)S
2103(Password)S
2365(Advisor,'')S
2 F
2645(USENIX)S
2884(UNIX)S
582 4167(Security)U
800(Workshop)S
1063(Proceedings)S
1 F
(,)R
1399(August)S
1592(1988.)S
EP
%%Page: ? 11
BP
1 F
60 Z
1658 222(-)U
1698(11)S
1778(-)S
432 438(Reid1989.)U
582 510(Dr.)U
680(Brian)S
834(K)S
897(Reid,)S
1046(DEC)S
1186(Western)S
1407(Research)S
1648(Laboratory,)S
1951(1989.)S
2126(Personal)S
2353(communica)S
2635(tion.)S
EP
%%Trailer
pscatsave end restore
%%Pages: 11