Re: unix passwords

• Previous message: karim: "Re: How to give read only permissions to a directory ro a user?"
• In reply to: David Magda: "Re: unix passwords"
• Next in thread: David Magda: "Re: unix passwords"
• Reply: David Magda: "Re: unix passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 25 Apr 2003 21:28:24 +0000 (UTC)

In article <86sms6epmf.fsf@number6.magda.ca>, David Magda wrote:
>elvis@notatla.demon.co.uk (all mail refused) writes:
>> >Not much use in that. Most systems that store the password in
>> >/etc/shadow these days also use the MD5 based hash and not the crypt(3)
>> >based hash which John the Ripper attacks. Since the MD5 based one is
>>
>> John does md5 too...
>
>Using MD5 instead of DES (which is what crypt(3) basically is)
>doesn't really solve any security issues -- it just moves them into
>the future.

Restricting passwords to 8 significant chars doesn't count as a security
issue in your eyes ?

-- 
decoy mail addresses: obtain username via 0x4f/tcp or 0x50/tcp
I don't use: mpeti_ka15@rediffmail.com sales@licaplast.com
             stopmail100@emailacc.com  sir_nat_the_brat@hotmail.com

• Previous message: karim: "Re: How to give read only permissions to a directory ro a user?"
• In reply to: David Magda: "Re: unix passwords"
• Next in thread: David Magda: "Re: unix passwords"
• Reply: David Magda: "Re: unix passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: unix passwords ... > security issue in your eyes? ... Of course it's a security issue, but I don't see what I said has ... (comp.security.unix) Re: question about releases and ports ... David Magda wrote in article: ... Actually, there is the security release that contains only security fixes, ... "A witty saying proves nothing." ... (comp.unix.bsd.freebsd.misc)