Date: Sun, 15 Dec 1996 15:40:43 -0600 (CST) From: Aleph One <aleph1@dfw.net> To: Terry Lambert <terry@lambert.org> Cc: Bob Bishop <rb@gid.co.uk>, proff@iq.org, security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: vulnerability in new pw suite Message-ID: <Pine.SUN.3.94.961215153914.15514A-100000@dfw.dfw.net> In-Reply-To: <199612152039.NAA23837@phaeton.artisoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 15 Dec 1996, Terry Lambert wrote: > I'm tired of having passwd not let me use whatever password I want, > considering that with a shadow file, the user will have to brute-force > it through /bin/login or equivalent. It seems the harder it becomes to > see my post-encryption password, the more anal the passwd command > becomes about making post-encryption passwords "safe" from attacks > which are impossible to institute unless root has been compromised. Just because the passwd is shadowed does not mean it wont be cracked. The are programs that will brute force passwords using POP, TELNET, RSH, etc. > > Regards, > Terry Lambert > terry@lambert.org > --- > Any opinions in this posting are my own and not those of my present > or previous employers. > Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.94.961215153914.15514A-100000>