[32] in linux-security and linux-alert archive

Re: Shadow Passwords?

daemon@ATHENA.MIT.EDU (Todd Larason)
Tue Mar 7 03:56:22 1995

Date: Mon, 6 Mar 1995 22:25:58 -0600 (CST)
From: Todd Larason <jtl@molehill.org>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199503070059.TAA00500@proteus.cs.unc.edu>
Reply-To: linux-security@tarsier.cv.nrao.edu

On Mon, 6 Mar 1995, Rik Faith wrote:

I agree with everything said here, but think one point needs to be made 
stronger, although it may already be obvious.

> Basically, when a user changes her
> password, these programs compare the selection to a dictionary (and to the
> gecos field, etc.) in the same way that a password cracker would.

It isn't (or shouldn't be) just like a password cracker would; the 
routine has access to the plaintext, so can 'work backwards' to do a very 
thorough check cheaply.  
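
The point above, as an added example that is not part of the original message: a cracker must apply every transformation to every dictionary word and hash each result, while a checker holding the plaintext undoes the transformations once and does a few set lookups. The word list, the passwd entry and the set of transformations undone (affixes, "leet" spelling, reversal, doubling) are constructed assumptions.

```python
import re

# Constructed sample data: a tiny word list and one passwd(5)-style entry.
DICTIONARY = {"password", "dragon", "secret", "linux", "monkey"}
PASSWD_LINE = "alice:x:1001:1001:Alice Liddell,Room 12,555-0100:/home/alice:/bin/sh"

# Assumed user habits to undo: digit/punctuation affixes and "leet" spelling.
AFFIX = "0123456789!@#$%^&*._-"
LEET = str.maketrans("0134578@$!", "oleastbasi")


def personal_tokens(passwd_line):
    """Login name plus the alphabetic words of the gecos field, lowercased."""
    fields = passwd_line.split(":")
    words = re.findall(r"[A-Za-z]{3,}", fields[4])
    return {fields[0].lower()} | {w.lower() for w in words}


def base_forms(candidate):
    """Undo common transformations to recover the words a password is built on."""
    lowered = candidate.lower()
    stems = {lowered, lowered.strip(AFFIX)}
    stems |= {s.translate(LEET) for s in stems}
    forms = set()
    for s in filter(None, stems):
        forms.update((s, s[::-1]))            # as typed, and reversed
        half = len(s) // 2
        if len(s) % 2 == 0 and s[:half] == s[half:]:
            forms.add(s[:half])               # doubled word, e.g. "alicealice"
    return forms


def check_password(candidate, passwd_line=PASSWD_LINE, dictionary=DICTIONARY):
    """Return (source, base_word) if the password is derived from a known word,
    else None. Cost is a handful of set lookups, with no hashing at all."""
    forms = base_forms(candidate)
    for source, words in (("account", personal_tokens(passwd_line)),
                          ("dictionary", dictionary)):
        hits = sorted(forms & set(words))
        if hits:
            return (source, hits[0])
    return None


if __name__ == "__main__":
    for pw in ("Dragon123", "p@ssw0rd!", "99xunil", "lleddiL7", "tq7#Vw2!kz"):
        print(pw, "->", check_password(pw))
```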
