Re: secure passwords

From: armin walland (geschrei_at_gmx.at)
Date: 05/11/03


Date: Sun, 11 May 2003 09:13:59 GMT

On Sun, 11 May 2003 01:42:22 GMT, Whoever <nobody@devnull.none> wrote:

> Except that the whole idea of shadow passwords is that the cracker does
> not have direct access to the password hashes, so he must go through an
> authentication services to perform a brute force attack.

yes, believe, my boxes are quite well secured and up to date, i just
wanted think about the case where an attacker really had access to
/etc/shadow
 
> This will be
> *much* slower. If the cracker has the shadow password file, then it is
> already over!

well, that is what i am trying to find out right now. i believe /any/
password can be cracked if there is enough cpu time available, i just
believe that a password that takes 5 years to crack on a fast(tm)
machine it might be less interesting.

-- 
life, the universe and everything
http://www.dtch.org