[1033] in Kerberos
Trivial passwords
daemon@ATHENA.MIT.EDU (Clifford Neuman)
Tue Jun 19 10:33:36 1990
Date: Tue, 19 Jun 90 06:54:31 -0700
From: bcn@CS.WASHINGTON.EDU (Clifford Neuman)
To: smb@ULYSSES.ATT.COM
Cc: kerberos@MIT.EDU
In-Reply-To: smb@ulysses.att.com's message of Tue, 19 Jun 90 04:10:06 EDT <9006190810.AA18888@june.cs.washington.edu>
While I will agree that other clients in the realm might be affected
to some extent, I still believe that our primary responsibility w.r.t.
the selection of passwords is to prevent the user from unwittingly
choosing poor ones. A user that is going to take the initiative to
circumvent the checking on the client is even more likely to
compromise his password in other ways. Perhaps by writing it on a
post-it note on his terminal, or perhaps even by making his password
common knowledge (e.g. RMS).
~ Cliff
