[35] in linux-security and linux-alert archive
Re: Sh*dow Passwords?
daemon@ATHENA.MIT.EDU (Piers Cawley)
Tue Mar 7 07:33:45 1995
Date: Tue, 7 Mar 1995 10:25:17 +0000 (GMT)
From: Piers Cawley <pdcawley@ftech.co.uk>
To: linux-security@tarsier.cv.nrao.edu
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0rlqjv-000xCcC@hq.jcic.org>
Reply-To: linux-security@tarsier.cv.nrao.edu
On Mon, 6 Mar 1995, Daniel Hollis wrote:
> Does anyone know of weaknesses in the shadow package? Shortcomings? It
> would be a chance to correct them, if any -- and have a freely
> redistributable shadow package.
Passwords are too short. Okay, you can extend to 15 characters, but from
my own experience it is far easier to remember a phrase than a
cryptically spelt 10 char password... Hell, then even classics like:
There ain't know such thing as a 3 lunch
become hard for a cracker to get to through brute force...
Of course convicing two finger typist users that this would be a good
thing is left as an exercise to the reader.
Piers Cawley -- Systems Sheriff on the Frontier Internet Service
Frontier Internet -- Sellers of Web Space and Internet Connectivity
