Re: unix passwords
From: David Magda (dmagda+netnews_at_ee.ryerson.ca)
Date: 04/29/03
- Previous message: Greg Hennessy: "Re: Checkpoint Secure Remote Client w/OpenBSD firewall"
- In reply to: all mail refused: "Re: unix passwords"
- Next in thread: Dennis G. Rears: "Re: unix passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Apr 2003 08:15:23 -0400
elvis@notatla.demon.co.uk (all mail refused) writes:
> In article <86sms6epmf.fsf@number6.magda.ca>, David Magda wrote:
> >elvis@notatla.demon.co.uk (all mail refused) writes:
> >> >Not much use in that. Most systems that store the password in
> >> >/etc/shadow these days also use the MD5 based hash and not the crypt(3)
> >> >based hash which John the Ripper attacks. Since the MD5 based one is
> >>
> >> John does md5 too...
> >
> >Using MD5 instead of DES (which is what crypt(3) basically is)
> >doesn't really solve any security issues -- it just moves them into
> >the future.
>
> Restricting passwords to 8 significant chars doesn't count as a
> security issue in your eyes ?
Of course it's a security issue, but I don't see what I said has
anything to do with that.
I missed part of the thread so we may be on slightly different
frequencies here.
-- David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/ Because the innovator has for enemies all those who have done well under the old conditions, and lukewarm defenders in those who may do well under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
- Previous message: Greg Hennessy: "Re: Checkpoint Secure Remote Client w/OpenBSD firewall"
- In reply to: all mail refused: "Re: unix passwords"
- Next in thread: Dennis G. Rears: "Re: unix passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
