On Sun, 17 Nov 1996, Dave Kinchlea wrote:
On Sun, 17 Nov 1996, The Deviant wrote:
Oh.. you misunderstand what I'm saying... I'm not saying its unemportant for you to have good passwords or anything like that, I'm just pointing out that rather than replace the entire system, its more prudent to fully install it.
I still think admins should run crack against their own lists, etc., but that still shouldn't be a problem to a good cracker. If you've just gotten root on a system, you start backdooring everything, not trying to crack the password list.
Well, this certainly *IS* a different statement than I read from you before. I don't find anything to disagree with here. Though, if your passwords can't be cracked, what is the need for shadow passwords? It simply introduces more variables and offers no more security.
While thats all well and good, its also easier said than done. A creative cracker can beat a lot of password filter routines. As somebody said to me earlier, belt _and_ suspenders works best. ;) --Deviant Blood flows down one leg and up the other.