Re: [cobalt-users] How to check your Password File for shadowing
- Subject: Re: [cobalt-users] How to check your Password File for shadowing
- From: Fabrice Prémel <fabrice@xxxxxxxxxx>
- Date: Wed Oct 4 10:53:03 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>If a cracker gets ahold of an un-shadowed password file
>there is a good chance that a command line program
>called John The Ripper can un-encrypt the encrypted
>password file.
Encrypted passwords cannot be decrypted. Programs that pretend to
crack a password file just do brute-force on it: they have a
dictionary, they encrypt every word in it (plus some common
spellings, such as a 0 at the end of a word), and they compare these
results with what's in the password file. Which means that if all
passwords are well chosen, they should not be able to get one.
But do not rely on this. Shadow passwords are good, for they do not
cost much, and they are a great security improvement.
Just a little precision,
Fabrice Prémel.
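
The check named in the thread subject, as an added example that is not part of the original message: it classifies the password field (field 2) of each passwd(5)-format entry, where `x` means the hash is kept in the shadow file. The function names `audit_passwd`, `count_findings` and `sample_passwd` are hypothetical, and the sample entries and hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example: classify field 2 of each passwd(5)-format entry.
# "x" means the hash lives in the shadow file; a hash here is world-readable.

audit_passwd() {    # $1: passwd-format file, "-" for stdin (default /etc/passwd)
    awk -F: '
        /^#/ || NF < 7 { next }    # skip comments and malformed lines
        {
            pw = $2
            if (pw == "x")                  s = "shadowed"
            else if (pw == "")              s = "EMPTY"            # no password set
            else if (pw ~ /^[*!]/)          s = "locked"
            else if (pw ~ /^\$[0-9a-z]+\$/) s = "EXPOSED-modular"  # $id$salt$hash
            else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$")
                                            s = "EXPOSED-des"      # traditional crypt(3)
            else                            s = "EXPOSED-unknown"
            print $1 ":" s
        }' "${1:-/etc/passwd}"
}

# Number of accounts needing attention: hash in the file, or empty password.
count_findings() {
    audit_passwd "$1" | awk -F: '$2 ~ /^(EXPOSED|EMPTY)/ { n++ } END { print n + 0 }'
}

# Constructed sample input (not real accounts or real hashes).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
admin:abCONSTRUCTED:500:500:Admin:/home/admin:/bin/bash
site1:$1$constructed$notARealHashValue0000:501:501::/home/site1:/bin/sh
guest::502:502:Guest:/home/guest:/bin/sh
nobody:*:99:99:Nobody:/:/sbin/nologin
EOF
}

sample_passwd | audit_passwd -
```

Run `audit_passwd` with no argument to audit the live `/etc/passwd`; any `EXPOSED` or `EMPTY` line is an account whose password field should be moved to the shadow file or fixed.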