Re: What is md5sum?
From: Micha³ Kosmulski (M.Kosmulski_at_NOSPAM.elka.pw.edu.pl)
Date: 06/30/04
- Next message: Micha³ Kosmulski: "Re: What is md5sum?"
- Previous message: TCS: "Re: Can I setup Redhat Fedora on a Dual Boot...."
- In reply to: Carlos Moreno: "Re: What is md5sum?"
- Next in thread: Carlos Moreno: "Re: What is md5sum?"
- Reply: Carlos Moreno: "Re: What is md5sum?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 30 Jun 2004 09:04:05 +0200
> But of course, the reason you mention is also important -- perhaps
> the most important one; after all, in principle one trusts the
> system administrator of a system that one uses, so hiding the
> password from him/her should be considered not-too-important (at
> least in an ideal world :-)).
Unfortunately, in practice people often use the same password for
several accounts (even if they know they shouldn't), so that's at least
one good reason for even a trusted administrator to not know his users'
passwords. Then of course that's a protection against an intruder who
somehow gains access to the password file. Before shadow passwords were
introduced, that was rather simple, so using hashes was a really good
idea. By the way, if you administer a system with many users, try and
run John the Ripper over your shadow file using a simple dictionary
generated by aspell. I had read that people often choose weak passwords,
but didn't really believe they choose so weak passwords so often until I
run John and after 48 hours had half of the passwords cracked. Affected
users were notified, but they didn't seem to care much - security
counciousness isn't a popular virtue :)
Michal
- Next message: Micha³ Kosmulski: "Re: What is md5sum?"
- Previous message: TCS: "Re: Can I setup Redhat Fedora on a Dual Boot...."
- In reply to: Carlos Moreno: "Re: What is md5sum?"
- Next in thread: Carlos Moreno: "Re: What is md5sum?"
- Reply: Carlos Moreno: "Re: What is md5sum?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
