jack@cwi.nl (Jack Jansen) (01/03/89)
Reading the whole passwords discussion, I've just come up with my first silly idea for 1989:

How about making encryption of passwords take time inversely proportional to the passwords' complexity? In other words: if your password consists of lower-case only you encrypt it 1000/strlen(password) times. Divide by two if it contains a digit or an upper case char. Divide by 4 for every non-alphanumeric. Divide by 8 for every control char. etc etc.

Now, every time a novice user logs in with a password that is too simple, you notify him/her that logging in will only take 2 seconds instead of the current 30 seconds if he/she changes the password to something more complicated.

That'll educate them, Hah!

--
Fight war, not wars                  | Jack Jansen, jack@cwi.nl
Destroy power, not people! -- Crass  | (or mcvax!jack)
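The rule proposed in the post above, sketched as an added example that is not part of the original post. Assumptions: iterated salted SHA-256 stands in for the "encryption" step, the digit/upper-case halving applies once, control characters take only the divide-by-8 rule, and the count is floored at one round; all function names are hypothetical.

```python
import hashlib
import hmac
import os

BASE = 1000  # constant taken from the post

def rounds_for(password: str) -> int:
    """Iteration count that shrinks as the password gets more complex."""
    if not password:
        raise ValueError("empty password")
    rounds = BASE / len(password)          # 1000/strlen(password)
    if any(c.isdigit() or c.isupper() for c in password):
        rounds /= 2                        # once, for any digit or upper-case char
    for c in password:
        if ord(c) < 32 or ord(c) == 127:
            rounds /= 8                    # every control char
        elif not c.isalnum():
            rounds /= 4                    # every other non-alphanumeric
    return max(1, int(rounds))             # assumption: never fewer than one round

def _iterate(password: str, salt: bytes, rounds: int) -> bytes:
    digest = password.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(salt + digest).digest()
    return digest

def make_record(password: str, salt: bytes = b"") -> dict:
    salt = salt or os.urandom(16)
    return {"salt": salt, "hash": _iterate(password, salt, rounds_for(password))}

def verify(record: dict, candidate: str) -> bool:
    # The work factor comes from the candidate itself, so nothing about the
    # real password's complexity has to be stored next to the hash.
    if not candidate:
        return False
    digest = _iterate(candidate, record["salt"], rounds_for(candidate))
    return hmac.compare_digest(digest, record["hash"])

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["password", "Password1", "pass-word", "Pa$$w0rd!", "ab\x07"]:
        print(repr(pw), rounds_for(pw))
```

Because the count is derived from each candidate, every simple guess costs as many rounds as a simple password does at login, whatever password is actually stored.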