path: root/doc/rfc/rfc972.txt
Diffstat (limited to 'doc/rfc/rfc972.txt')
-rw-r--r-- doc/rfc/rfc972.txt 114
1 files changed, 114 insertions, 0 deletions
diff --git a/doc/rfc/rfc972.txt b/doc/rfc/rfc972.txt
new file mode 100644
index 0000000..7ab2bb8
--- /dev/null
+++ b/doc/rfc/rfc972.txt
@@ -0,0 +1,114 @@
+
+
+Network Working Group F. Wancho
+Request for Comments: 972 WSMR
+ January 1986
+
+ Password Generator Protocol
+
+
+STATUS OF THIS MEMO
+
+ This RFC specifies a standard for the ARPA Internet community. Hosts
+ on the ARPA Internet that choose to implement a Password Generator
+ Protocol (PWDGEN) are expected to adopt and implement this standard.
+ Distribution of this memo is unlimited.
+
+BACKGROUND
+
+ Many security-conscious host administrators are becoming increasingly
+ aware that user-selected login passwords are too easy to guess for
+ even casual penetration attempts. Some sites have implemented
+ dictionary lookup techniques in their password programs to prevent
+ ordinary words from being used. Others have implemented some variant
+ of a randomly generated password with mixed success. The problem
+ arises from the fact that such passwords are difficult to remember
+ because they cannot be pronounced or are based on a relatively short
+ cycle pseudo-random number generator.
+
+ A version of the PWDGEN algorithm briefly described below has been in
+ use for several years at a small number of sites in the Internet.
+ Interest has recently been expressed at porting this algorithm to
+ other sites. However, the relatively short cycle and the resulting
+ randomness of the pseudo-random number generator available on these
+ sites tends to interfere with the intended result of minimizing the
+ potential duplication of passwords both within a site and across
+ sites when a user has access to more than one site.
+
+ The PWDGEN Service described herein provides a means for sites to
+ offer a list of possible passwords for the user to choose one from
+ the first set, or optionally select from another set. With more than
+ one site offering this service, it is then possible to randomly
+ select which site to use and have multiple fallback sites should that
+ site be unavailable.
+
+ Description
+
+ The PWDGEN Service provides a set of six randomly generated
+ eight-character CRLF-delimited "words" with a reasonable level of
+ pronounceability, using a multi-level algorithm. An
+ implementation of the algorithm is available in FORTRAN-77 for
+ examination and possible implementation by system administrators
+ only.
+
+
+
+Wancho [Page 1]
+
+
+
+RFC 972 January 1986
+Password Generator Protocol
+
+
+ The uniqueness of the generated words is highly dependent on the
+ randomness of the initial seed value used. The availability of a
+ single system-wide seed, updated after each access is highly
+ desireable. Seeds based on a time-of-day clock are unacceptable.
+ Seed values should be stored as values in excess of 32 bits for
+ best performance.
+
+ TCP Based PWDGEN Service
+
+ One PWDGEN service is defined as a connection based application on
+ TCP. A server listens for TCP connections on TCP port 129. Once
+ a connection is established, the six CRLF-delimited words are
+ generated and sent to the caller, and the connection is closed by
+ the server. No dialog is used or required.
+
+ UDP Based PWDGEN Service
+
+ Another possible PWDGEN service is defined as a datagram based
+ application on UDP. A server listens for UDP datagrams on UDP
+ port 129. When a datagram is received, the six CRLF-delimited
+ words are sent back in an answering datagram.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Wancho [Page 2]
+
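Review bot: The "TCP Based PWDGEN Service" and "UDP Based PWDGEN Service" sections near the end of the added file describe a server on port 129 that sends the six candidate words to any caller with "No dialog is used or required", so the text specifies neither authentication of the server nor confidentiality of the words in transit, and the diffstat shows this file arriving with no accompanying note. Suggest adding a short statement next to it saying why the memo is carried in the tree and whether any code here implements or depends on it, so a reader does not take the January 1986 design as current guidance. The same note could point out that the memo's own seed requirements ("Seeds based on a time-of-day clock are unacceptable", seeds "in excess of 32 bits") are a minimum, and that an implementation today would draw from the operating system's cryptographic random source. Style point: the long run of empty `+` lines before the "Wancho [Page 2]" footer is pagination padding from the RFC layout; keeping the upstream text unmodified is reasonable, but say so in the commit message so the trailing whitespace is not flagged or trimmed later.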