Re: Unchangeable passwords
From: Volker Birk (bumens_at_dingens.org)
Date: Mon, 6 Oct 2003 03:57:44 +0200
Nico Kadel-Garcia <firstname.lastname@example.org> wrote:
>> Storing such keys offers new security risks.
> As opposed to a set of UID=0 accounts, each with their own passwords,
> which was your suggestion? They're *different* security risks, but I
> think more manageable.
I don't think so. It is difficult to store hashes, because you can
attack them if they're disclosed. But one needs time to do that, and
with some hashes the attacker has no chance to break them (hopefully
every UID 0 password and the hashing algorithm should be such that
breaking the hashes will not be possible with the knowledge we have),
so if somebody discloses hashes, you don't lose any security, and
you have time to react.
If somebody discloses private keys, that was it.
Therefore, storing such keys offers new security risks.
--
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:email@example.com http://www.x-pie.de