Network Working Group                                          F. Wancho
Request for Comments: 972                                           WSMR
                                                            January 1986

                      Password Generator Protocol

STATUS OF THIS MEMO

   This RFC specifies a standard for the ARPA Internet community.  Hosts
   on the ARPA Internet that choose to implement a Password Generator
   Protocol (PWDGEN) are expected to adopt and implement this standard.
   Distribution of this memo is unlimited.

BACKGROUND

   Many security-conscious host administrators are becoming increasingly
   aware that user-selected login passwords are too easy to guess for
   even casual penetration attempts.  Some sites have implemented
   dictionary lookup techniques in their password programs to prevent
   ordinary words from being used.  Others have implemented some variant
   of a randomly generated password with mixed success.  The problem
   arises from the fact that such passwords are difficult to remember
   because they cannot be pronounced or are based on a relatively short
   cycle pseudo-random number generator.

   A version of the PWDGEN algorithm briefly described below has been in
   use for several years at a small number of sites in the Internet.
   Interest has recently been expressed at porting this algorithm to
   other sites.  However, the relatively short cycle and the resulting
   randomness of the pseudo-random number generator available on these
   sites tends to interfere with the intended result of minimizing the
   potential duplication of passwords both within a site and across
   sites when a user has access to more than one site.

   The PWDGEN Service described herein provides a means for sites to
   offer a list of possible passwords for the user to choose one from
   the first set, or optionally select from another set.  With more than
   one site offering this service, it is then possible to randomly
   select which site to use and have multiple fallback sites should that
   site be unavailable.

   Description

      The PWDGEN Service provides a set of six randomly generated
      eight-character CRLF-delimited "words" with a reasonable level of
      pronounceability, using a multi-level algorithm.  An
      implementation of the algorithm is available in FORTRAN-77 for
      examination and possible implementation by system administrators
      only.

      The uniqueness of the generated words is highly dependent on the
      randomness of the initial seed value used.  The availability of a
      single system-wide seed, updated after each access, is highly
      desirable.  Seeds based on a time-of-day clock are unacceptable.
      Seed values should be stored as values in excess of 32 bits for
      best performance.

   TCP Based PWDGEN Service

      One PWDGEN service is defined as a connection based application on
      TCP.  A server listens for TCP connections on TCP port 129.  Once
      a connection is established, the six CRLF-delimited words are
      generated and sent to the caller, and the connection is closed by
      the server.  No dialog is used or required.

   UDP Based PWDGEN Service

      Another possible PWDGEN service is defined as a datagram based
      application on UDP.  A server listens for UDP datagrams on UDP
      port 129.  When a datagram is received, the six CRLF-delimited
      words are sent back in an answering datagram.
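
The TCP exchange and the seed requirement above, as an added example that is not part of the RFC or of the FORTRAN-77 implementation it mentions. Assumptions: a plain consonant/vowel alternation stands in for the unpublished multi-level algorithm, the OS CSPRNG replaces the stored system-wide seed, words are ASCII letters, and every function name is hypothetical.

```python
import math
import secrets
import socket  # handle() and fetch() take connected socket.socket objects

# Assumption: simple alternation, not the RFC's multi-level algorithm.
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"
WORDS, LENGTH = 6, 8           # from the RFC: six eight-character words
_rng = secrets.SystemRandom()  # OS CSPRNG: no stored seed, no clock involved

def make_word():
    return "".join(_rng.choice(CONSONANTS if i % 2 == 0 else VOWELS)
                   for i in range(LENGTH))

def entropy_bits():
    """Bits of entropy per word for this alphabet (bounds the guessing cost)."""
    half = LENGTH // 2
    return math.log2(len(CONSONANTS) ** half * len(VOWELS) ** half)

def build_response():
    """Server payload: six CRLF-delimited words."""
    return "".join(make_word() + "\r\n" for _ in range(WORDS)).encode("ascii")

def handle(conn):
    """TCP behaviour from the RFC: send the words, then the server closes."""
    with conn:
        conn.sendall(build_response())

def parse_response(data):
    """Validate strictly: exact count, exact length, ASCII letters (assumed)."""
    if not data.endswith(b"\r\n"):
        raise ValueError("truncated response")
    words = data[:-2].split(b"\r\n")
    if len(words) != WORDS or any(len(w) != LENGTH or not w.isalpha()
                                  for w in words):
        raise ValueError("malformed PWDGEN response")
    return [w.decode("ascii") for w in words]

def fetch(conn, limit=256):
    """Client: read until the server closes, refusing oversized replies."""
    buf = b""
    while chunk := conn.recv(limit):
        buf += chunk
        if len(buf) > limit:
            raise ValueError("response too large")
    return parse_response(buf)
```

For this alphabet entropy_bits() comes to just under 26 bits per word, the price of pronounceability. The words cross the network in cleartext and are known to the server operator.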
