Hi!

On Wed, 16 Aug 2000, Bogdan Zapca wrote:
Much ado about nothin', I think. Roman is right. If an attacker has access to your encrypted password there's nothing to worry about, you've been hacked. If one sets up a good security policy (tcp wrappers, firewall, user access) there's nothing to worry about cracked passwords. Using something like shadow works just fine. You could even set up a plain text password file instead of crypt, md5, blowfish and others.
Please, do add an "IMHO" at the beginning of each sentence.
True, to a certain extent. Although personally I prefer the added safety of passwords that take more than a few days to crack. Sometimes a bug in some other program enables remote users to obtain the /etc/shadow file. Read some old CERT or Bugtraq mails for inspiration :o)

Cheers!

Yuri.

--------------------------------------------------------------------------
drs. Yuri Robbers                    phone : +31-71-527-4966
Leiden University                    fax   : +31-71-527-4900
Institute for Theoretical Biology    email : robbers@rulsfb.leidenuniv.nl
Kaiserstraat 63
2311 GP Leiden                       PGP 5.0 public key available:
the Netherlands                      Check your favourite hkp server.
--------------------------------------------------------------------------