Date: Sun, 15 Dec 1996 17:10:04 -0700 (MST) From: Digital Dreamer <dreamer@garrison.inetcan.net> To: Terry Lambert <terry@lambert.org> Cc: Bob Bishop <rb@gid.co.uk>, terry@lambert.org, proff@iq.org, security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: vulnerability in new pw suite Message-ID: <Pine.LNX.3.91.961215170735.10575A-100000@garrison.inetcan.net> In-Reply-To: <199612152039.NAA23837@phaeton.artisoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 15 Dec 1996, Terry Lambert wrote: > Heh. > > Please define "unsafe" in the context of a functional (inaccessible for > pre-salt-based attacks) shadow password system. > > 8-) 8-). > > I'm tired of having passwd not let me use whatever password I want, > considering that with a shadow file, the user will have to brute-force > it through /bin/login or equivalent. It seems the harder it becomes to > see my post-encryption password, the more anal the passwd command > becomes about making post-encryption passwords "safe" from attacks > which are impossible to institute unless root has been compromised. > > Just my opinion about anal passwd programs... The idea, from what I understand, is to act as if you don't have shadow passwords, and therefore not rely on them. Security through obscurity and all that. For example, let's say someone breaks root on your machine. Ok, you're in a lot of trouble. But let's attempt to minimize the damage by not giving them 6e12 accounts to log on as in the future when/if they're discovered by handing over the passwords for them on a silver plate. It takes a lot longer to get all your users to change passwords than it takes to fix a backdoored /bin/login. dreamer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.91.961215170735.10575A-100000>