[1522] in bugtraq
Re: passwd hashing algorithm
daemon@ATHENA.MIT.EDU (John Adams)
Tue Apr 18 17:06:29 1995
Date: Mon, 17 Apr 1995 15:47:07 -0400
From: John Adams <jna@concorde.com>
To: perry@imsi.com, rhaas@cygnus.arc.nasa.gov
Cc: adam@bwh.harvard.edu, bugtraq@fc.net, rfb@lehman.com
Yes,Yes, a sniffer could be installed, but this assumes your attacker
has physical access to your site. A bigger worry is sniffing on
any of the networks before you.
If you are working in an environment that needs a higher level of
security than just passwords, run S/Key, or go for the overly expensive
(but easier to use) solution of SecureID.
-john
