[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC: A UNIX crypt(3) replacement

To: The Deviant <[email protected]>
Subject: Re: RFC: A UNIX crypt(3) replacement
From: Dave Kinchlea <[email protected]>
Date: Sun, 17 Nov 1996 14:20:35 -0800 (PST)
cc: Adam Shostack <[email protected]>, [email protected]
In-Reply-To: <[email protected]>
Posted-Date: Sun, 17 Nov 1996 14:20:36 -0800
Sender: [email protected]

On Sun, 17 Nov 1996, The Deviant wrote:
> 
> Oh.. you misunderstand what I'm saying... I'm not saying its unemportant
> for you to have good passwords or anything like that, I'm just pointing
> out that rather than replace the entire system, its more prudent to fully
> install it.
> 
> I still think admins should run crack against their own lists, etc., but
> that still shouldn't be a problem to a good cracker.  If you've just
> gotten root on a system, you start backdooring everything, not trying to
> crack the password list.

Well, this certainly *IS* a different statement than I read from you
before. I don't find anything to disagree with here. Though, if your
passwords can't be cracked, what is the need for shadow passwords? It
simply introduces more variables and offers no more security.

cheers

Follow-Ups:
- Re: RFC: A UNIX crypt(3) replacement
  - From: The Deviant <[email protected]>

References:
- Re: RFC: A UNIX crypt(3) replacement
  - From: The Deviant <[email protected]>

Prev by Date: Re: RFC: A UNIX crypt(3) replacement
Next by Date: Re: RFC: A UNIX crypt(3) replacement
Prev by thread: Re: RFC: A UNIX crypt(3) replacement
Next by thread: Re: RFC: A UNIX crypt(3) replacement
Index(es):
- Date
- Thread