[12] in linux-security and linux-alert archive
Re: Shadow Passwords?
daemon@ATHENA.MIT.EDU (Roman Gollent)
Mon Mar 6 13:43:15 1995
From: Roman Gollent <roman@portal.stwing.upenn.edu>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 6 Mar 1995 12:50:08 -0500 (EST)
In-Reply-To: <m0rlWAh-000xA5C@hq.jcic.org> from "Daniel Hollis" at Mar 5, 95 10:21:33 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
> One of the most common hacker techniques is grabbing your /etc/passwd and
> running it against a dictionary. This only reveals poorly chosen
> passwords, but should not be possible at all. Shadow passwords defeat this.
[SNIP] <For the sake of brevity>
I was wondering if there was ever going to be a move to make shadowing
a standard, ie: Have all distributions come with shadowing by
default. Since there are many other Un*x os that come with shadowing
turned on, why can't the same be done for Linux distributions, or at
least the popular ones? This isn't a criticism, just an open question.
Roman
