[COMP.SECURITY.UNIX] ADVICE ON PASSWORD SECURITY GUIDELINES
Date: Wed, 30 Aug 1995 20:55:24 -0700
To: cypherpunks@toad.com
From: alano@teleport.com (Alan Olsen) (by way of Alan Olsen <alano@teleport.com>)
Subject: [comp.security.unix] Advice on password security guidelines

I found this on alt.humor.best-of.usenet. It seemed like something that would be appreciated here. (And it is not that far off topic.) Enjoy!

-----------------------------------------------------------

In alt.humor.best-of-usenet, Artur Pioro <artur@thp2.if.uj.edu.pl> wrote:

From: Paul Ashton <paul@argo.demon.co.uk>
Newsgroups: comp.security.unix
Subject: Advice on password security guidelines
Hi, my boss has asked me for comments and improvements on his new password security policy. To me, it seems a bit severe. If anyone can offer any additional suggestions please do, here goes...
For immediate issue: Password changing guidelines V2.2b
Due to new security policies, the following guidelines have been issued to assist in choosing new passwords. Please follow them closely.
Passwords must conform to at least 21 of the following attributes.
1. Minimum length 8 characters
2. Not in any dictionary.
3. No word or phrase bearing any connection to the holder.
4. Containing no characters in the ASCII character set.
5. No characters typeable on a Sun type 5 keyboard
6. No subset of one character or more must have appeared on Usenet news, /dev/mem, rand(3), or the King James bible (version 0.1alpha)
7. Must be quantum theoretically secure, i.e. must automatically change if observed (to protect against net sniffing).
8. Binary representation must not contain any of the sequences 00 01 10 11, commonly known about in hacker circles.
9. Be provably different from all other passwords on the internet.
10. Not be representable in any human language or written script.
11. Colour passwords must use a minimum 32 bit palette.
12. Changed prior to every use.
13. Resistant to revelation under threat of physical violence.
14. Contain tissue samples of at least 3 vital organs.
15. Incontrovertible by OJ Simpson's lawyers.
16. Undecodable by virtue of application of 0 way hash function.
17. Odourless, silent, invisible, tasteless, weightless, shapeless, lacking form and inert.
18. Contain non-linear random S-boxes (without a backdoor).
19. Self-escrowable to enable authorities to capture kiddie-porn people and baddies but not the goodies ("but we'll only decode it with a court order, honest").
20. Not decryptable by exhaustive application of possible one time pads.
Due to the severity of the restrictions, if the password is entered incorrectly 3 times at login time, you will be asked if you would like to pick a new one.
Please add guidelines to the above and adjust the minimum conformation requirement, if applicable.
--
Moderators accept or reject articles based solely on the criteria posted in the Frequently Asked Questions. Article content is the responsibility of the submitter. Submit articles to ahbou-sub@acpub.duke.edu. To write to the moderators, send mail to ahbou-mod@acpub.duke.edu.

| Spam is the Devil's toothpaste!                  | alano@teleport.com  |
|"It's only half a keyserver. I had to split the   | Disclaimer:         |
|other half with the government man." - Black Art  | Ignore the man      |
| -- PGP 2.6.2 key available on request --         | behind the keyboard.|
| http://www.teleport.com/~alano                   | <fnord>             |