Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ accept_pw(S) — System V/386 Software Development System 3.2.2b

Media Vault

Software Library

Restoration Projects

Artifacts Sought



     ACCEPT_PW(S)              UNIX System V              ACCEPT_PW(S)



     Name
          acceptable_password - determine if password is cryptic

     Syntax
          #include <sys/types.h>
          #include <sys/security.h>
          #include <sys/audit.h>
          #include <prot.h>

          int acceptable_password (word, stream)
          char *word;
          FILE *stream;

     Description
          This routine determines if the given password is reasonable,
          i.e., that it is very hard to deduce from a number of
          heuristic means.  The cleartext (plaintext) password is
          passed as the first argument and the file pointer of the
          stream to report failure reasons is the second argument.  If
          this checking is to be silent, the second argument should be
          the NULL file pointer.

          When acceptable_password returns a 1, the password provided
          meets all the tests below.  When it returns a 0, the
          password failed to meet at least one of the tests.

          The selectivity criteria for the password include but may
          not be limited to the following four tests:

          Palindrome     This test passes if the word is not a
                         palindrome.  (A palindrome is spelled the
                         same backwards as forwards.) Examples of
                         palindromes that fail on this test are:  mom,
                         dad, noon, redivider, radar.  Palindromes do
                         not make good passwords because they reduce
                         an n character password to n/2 + 1
                         characters.  A penetrator knowing that
                         palindromes were legal could use heuristics
                         that could deduce the password much more
                         quickly than if they were excluded.

          Login Name     This test passes if the password is not a
                         login name for the system.  The many insecure
                         systems allow passwords to be the login name
                         itself.  This is a fact known by many
                         penetrators.  All login names are excluded
                         because a user that is the owner of several
                         pseudo-user accounts may elect to use the
                         login name of one account as the password for
                         all his accounts.

          Group Name     Similar to the login name issue, this test
                         passes if the password is not a group name.

          English word   This test passes if the spell(C) determines
                         that this is not an English word.  A
                         penetrator then could not search the on-line
                         dictionary to find the password.  The spell
                         program also has some built-in rules that go
                         beyond the actual on-line dictionary in
                         determining what is a proper word, and this
                         routine takes advantage of that.

     Notes
          This routine only works as advertised when
          set_auth_parameters is called as the first item in main().

     Files
          /etc/passwd
          /etc/group
          /usr/lib/spell/*

     See Also
          spell(C), getpwent(S), getgrent(S)

     Value Added
          acceptable_password is an extension of AT&T System V
          provided by the Santa Cruz Operation.

                                                (printed 6/20/89)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026