Re: RFC: A UNIX crypt(3) replacement
On Sun, 17 Nov 1996, Dave Kinchlea wrote:
> On Sun, 17 Nov 1996, The Deviant wrote:
> >
> > Oh.. you misunderstand what I'm saying... I'm not saying it's unimportant
> > for you to have good passwords or anything like that, I'm just pointing
> > out that rather than replace the entire system, it's more prudent to fully
> > install it.
> >
> > I still think admins should run crack against their own lists, etc., but
> > that still shouldn't be a problem to a good cracker. If you've just
> > gotten root on a system, you start backdooring everything, not trying to
> > crack the password list.
>
> Well, this certainly *IS* a different statement than I read from you
> before. I don't find anything to disagree with here. Though, if your
> passwords can't be cracked, what is the need for shadow passwords? It
> simply introduces more variables and offers no more security.
While that's all well and good, it's also easier said than done. A creative
cracker can beat a lot of password filter routines. As somebody said to
me earlier, belt _and_ suspenders works best. ;)
--Deviant
Blood flows down one leg and up the other.