Re: secure passwords
From: armin walland (geschrei_at_gmx.at)
Date: Sun, 11 May 2003 09:13:59 GMT
On Sun, 11 May 2003 01:42:22 GMT, Whoever <email@example.com> wrote:
> Except that the whole idea of shadow passwords is that the cracker does
> not have direct access to the password hashes, so he must go through an
> authentication services to perform a brute force attack.
yes, believe, my boxes are quite well secured and up to date, i just
wanted think about the case where an attacker really had access to
> This will be
> *much* slower. If the cracker has the shadow password file, then it is
> already over!
well, that is what i am trying to find out right now. i believe /any/
password can be cracked if there is enough cpu time available, i just
believe that a password that takes 5 years to crack on a fast(tm)
machine it might be less interesting.
-- life, the universe and everything http://www.dtch.org