
On Sun, 17 Nov 1996, The Deviant wrote:
Well, this certainly *IS* a different statement than I read from you before. I don't find anything to disagree with here. Though, if your passwords can't be cracked, what is the need for shadow passwords? It simply introduces more variables and offers no more security.
While that's all well and good, it's also easier said than done. A creative cracker can beat a lot of password filter routines. As somebody said to me earlier, belt _and_ suspenders works best. ;)
Agreed, for a large number of users (say >1,000) it is quite difficult; for one thing, running crack can be too time consuming to be feasible. For a small number of users (many of the LANs I administer have less than 30 users), however, it is not at all difficult. It helps, of course, if you can trust your local users --- possible when there are only a few and you know them all, impossible when there are many and they are faceless. The less work I have to do to keep the systems/network secure, the more time I can make available for *real* work on those systems. Few sites can afford a full-time security person; that is the reality that I live in anyway.

cheers,
kinch