Re: Case sensitive passwords in 7.2-6 C1

From: Ken Fairfield (My.Full.Name_at_intel.com)
Date: 05/02/03 

Date: Fri, 02 May 2003 14:43:20 -0700

David Webb wrote:
>
> In article <b096a4ee.0305020857.236937f6@posting.google.com>, spamsink2001@yahoo.com (Alan E. Feldman) writes:
> >Didier Morandi <Didier.Morandi.nospam@Free.fr> wrote in message news:<3EB211B0.9000706@Free.fr>...
> >> Is there any other interest in case sensitivity for passwords than to increase
> >> the number of different passwords combinations?
> >>
> >> D.
> >
> >
> >I agree with the other posters that it is a bad idea to have case
> >sensitivite passwords.
> >
> >If you do do it, I'd limit it to critical servers.
> >
> >You *can* overdo a good thing.
> >
>
> Unfortunately it is usually written into organisation's security policies that
> passwords will contain mixed case letters (and usually also a numeric or
> special character). This makes it very difficult for VMS since it is the odd
> one out and this lack is easily exploited by those who wish to portray it as
> being a "security failing" of VMS. Perception is everything.

        In fact, this is a very real issue. It is much easier to give
a user one set of rules for a good/acceptible password, than to have
to say, "Oh, but on VMS the only special characters are dollar-sign and
underscore, and it ignores upper- versus lowercase." Sigh...

        I agree with all that's been said about the drawbacks, but in
the real, hetrogeneous, nay, Windows-centric world, having the ability
to use case-senstive passwords plus an extended selection of "special"
characters can be a real benefit.

        -Ken 

--
I don't speak for Intel, Intel doesn't speak for me...
Ken Fairfield
D1C Automation VMS System Support 
Who:   kennethDOThDOTfairfield
Where: intelDOTcom

Relevant Pages

  • Re: how to modify complexity password policy
    ... The special character can be any ... it will help strengthen your passwords quite a bit. ... > please help to tell me to modify complexity password in a domain. ... > e.g only char or number, but not sepecial char. ...
    (microsoft.public.windows.server.security)
  • Re: See what a weak password will get ya?
    ... > I'm not sure the July 19 log snippet is related, ... > Just wanted to share the need for strong passwords. ... At least 1 special character ... characters to make letters also helps. ...
    (Debian-User)
  • Re: Case sensitive passwords in 7.2-6 C1
    ... > passwords will contain mixed case letters (and usually also a numeric or ... > special character). ... This makes it very difficult for VMS since it is the odd ...
    (comp.os.vms)
  • Re: List of common weak passwords.
    ... contains both upper and lowercase characters ... and at least one special character such as the asterisk '*' ... share or email passwords leaves your machine ...
    (microsoft.public.security.virus)
  • Re: Question for the Group
    ... a possible reason why VMS wasn't affected might by ... Wasn't there this easy possiblity to break in with some ... If it's particularly easy to obtain such passwords, ... and the installation procedure ...
    (comp.os.vms)