Network Working Group                                          F. Wancho
Request for Comments: 972                                           WSMR
                                                           January 1986

                     Password Generator Protocol


STATUS OF THIS MEMO

  This RFC specifies a standard for the ARPA Internet community.  Hosts
  on the ARPA Internet that choose to implement a Password Generator
  Protocol (PWDGEN) are expected to adopt and implement this standard.
  Distribution of this memo is unlimited.

BACKGROUND

  Many security-conscious host administrators are becoming increasingly
  aware that user-selected login passwords are too easy to guess for
  even casual penetration attempts.  Some sites have implemented
  dictionary lookup techniques in their password programs to prevent
  ordinary words from being used.  Others have implemented some variant
  of a randomly generated password, with mixed success.  Two problems
  arise with such passwords: they are difficult to remember when they
  cannot be pronounced, and when they are drawn from a pseudo-random
  number generator with a relatively short cycle they tend to repeat.

  A version of the PWDGEN algorithm briefly described below has been in
  use for several years at a small number of sites in the Internet.
  Interest has recently been expressed in porting this algorithm to
  other sites.  However, the relatively short cycle, and hence the poor
  randomness, of the pseudo-random number generators available on those
  sites tends to defeat the intended result: minimizing the potential
  duplication of passwords both within a site and across sites when a
  user has access to more than one site.

  The PWDGEN Service described herein provides a means for sites to
  offer a list of candidate passwords from which the user chooses one,
  or optionally requests another set if none of the first is
  acceptable.  With more than one site offering this service, a client
  can select at random which site to query and fall back to the others
  should that site be unavailable.

  Description

     The PWDGEN Service provides a set of six randomly generated
     eight-character CRLF-delimited "words" with a reasonable level of
     pronounceability, using a multi-level algorithm.  An
     implementation of the algorithm is available in FORTRAN-77 for
     examination and possible implementation by system administrators
     only.



Wancho                                                          [Page 1]


     The uniqueness of the generated words is highly dependent on the
     randomness of the initial seed value used.  The availability of a
     single system-wide seed, updated after each access, is highly
     desirable.  Seeds based on a time-of-day clock are unacceptable.
     Seed values should be stored with more than 32 bits for best
     results.

  TCP Based PWDGEN Service

     One PWDGEN service is defined as a connection based application on
     TCP.  A server listens for TCP connections on TCP port 129.  Once
     a connection is established, the six CRLF-delimited words are
     generated and sent to the caller, and the connection is closed by
     the server.  No dialog is used or required.

  UDP Based PWDGEN Service

     Another possible PWDGEN service is defined as a datagram based
     application on UDP.  A server listens for UDP datagrams on UDP
     port 129.  When a datagram is received, the six CRLF-delimited
     words are sent back in an answering datagram.
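     The following is an added example, not the FORTRAN-77 implementation
     the RFC refers to and not part of RFC 972.  It shows the generator
     described under "Description" together with the TCP and UDP services
     above, both server and client side, on loopback with ephemeral ports.
     Because the RFC does not spell out its multi-level algorithm, the
     word construction here is an assumption: alternating consonants and
     vowels drawn from an assumed alphabet.  The OS cryptographic random
     source (Python's `secrets`) is substituted for the RFC's stored,
     per-access seed; it avoids the time-of-day seeding the RFC forbids.
     The client-side `parse_response` enforces the response shape the RFC
     specifies (six eight-character CRLF-delimited words).

```python
"""Illustrative PWDGEN (RFC 972) generator and TCP/UDP service (added example)."""
import secrets
import socket
import threading

PWDGEN_PORT = 129   # port assigned by the RFC; the demo below binds an ephemeral port instead
WORD_COUNT = 6
WORD_LEN = 8
CRLF = b"\r\n"

# Assumed alphabet: alternating consonant/vowel classes keeps the word pronounceable.
# This stands in for the RFC's multi-level algorithm, which the RFC does not describe.
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"


def pronounceable_word(length=WORD_LEN):
    """One word of alternating consonants and vowels; the starting class is random."""
    # secrets draws from the OS CSPRNG, replacing the RFC's stored system-wide seed.
    start_with_vowel = secrets.randbelow(2) == 1
    return "".join(
        secrets.choice(VOWELS if (i % 2 == 0) == start_with_vowel else CONSONANTS)
        for i in range(length)
    )


def pwdgen_words(count=WORD_COUNT):
    return [pronounceable_word() for _ in range(count)]


def encode_response(words):
    """Six CRLF-delimited words, the wire format shared by the TCP and UDP services."""
    return b"".join(w.encode("ascii") + CRLF for w in words)


def parse_response(data):
    """Client-side check: exactly six CRLF-terminated, eight-letter lowercase ASCII words."""
    if not data.endswith(CRLF):
        raise ValueError("response not CRLF terminated")
    words = data[:-len(CRLF)].split(CRLF)
    if len(words) != WORD_COUNT:
        raise ValueError(f"expected {WORD_COUNT} words, got {len(words)}")
    for w in words:
        if len(w) != WORD_LEN or not w.isascii() or not w.isalpha() or not w.islower():
            raise ValueError(f"malformed word {w!r}")
    return [w.decode("ascii") for w in words]


def serve_tcp_once(listener):
    """TCP service: accept one connection, send the words, close.  No dialog."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(encode_response(pwdgen_words()))
    # the server's close is the only end-of-response signal the client gets


def serve_udp_once(sock):
    """UDP service: any received datagram, whatever its content, gets the words back."""
    _, peer = sock.recvfrom(512)
    sock.sendto(encode_response(pwdgen_words()), peer)


def fetch_tcp(host, port, timeout=5.0):
    """TCP client: connect, read until the server closes, validate."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return parse_response(b"".join(chunks))


def fetch_udp(host, port, timeout=5.0):
    """UDP client: send a trigger datagram (content is irrelevant), validate the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(CRLF, (host, port))
        data, _ = s.recvfrom(512)
    return parse_response(data)


def demo():
    """Run one TCP and one UDP exchange against in-process servers on loopback."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen(1)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", 0))
    threads = [threading.Thread(target=serve_tcp_once, args=(tcp,)),
               threading.Thread(target=serve_udp_once, args=(udp,))]
    for t in threads:
        t.start()
    result = {"tcp": fetch_tcp("127.0.0.1", tcp.getsockname()[1]),
              "udp": fetch_udp("127.0.0.1", udp.getsockname()[1])}
    for t in threads:
        t.join()
    tcp.close()
    udp.close()
    return result


if __name__ == "__main__":
    for proto, words in demo().items():
        print(proto, " ".join(words))
```

     Two points follow directly from the service as specified.  The
     candidate words cross the network in clear with no authentication of
     either end, so anyone observing the path learns every word the user
     is about to choose from; and the UDP server answers any datagram it
     receives, so a datagram with a forged source address causes the reply
     to be sent to that address.  A deployment today would put this
     behind an authenticated, encrypted channel rather than on bare port
     129.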
