Re: What is md5sum?
Date: Wed, 30 Jun 2004 09:04:05 +0200
> But of course, the reason you mention is also important -- perhaps
> the most important one; after all, in principle one trusts the
> system administrator of a system that one uses, so hiding the
> password from him/her should be considered not-too-important (at
> least in an ideal world :-)).
Unfortunately, in practice people often use the same password for
several accounts (even if they know they shouldn't), so that's at least
one good reason for even a trusted administrator to not know his users'
passwords. Then of course that's a protection against an intruder who
somehow gains access to the password file. Before shadow passwords were
introduced, that was rather simple, so using hashes was a really good
idea. By the way, if you administer a system with many users, try and
run John the Ripper over your shadow file using a simple dictionary
generated by aspell. I had read that people often choose weak passwords,
but didn't really believe they choose so weak passwords so often until I
run John and after 48 hours had half of the passwords cracked. Affected
users were notified, but they didn't seem to care much - security
counciousness isn't a popular virtue :)
- Re: Password questions/problems
... your server as the administrator to do something on the server. ... Here are some recommendations on your user account and passwords ... Reason: User MUST change passwords within 90 days. ...
- Re: Network setup problems
... each with a different userid? ... > must have identical userids and passwords setup on both the client ... The ongoing task of synchronising userids and passwords, ...
- Re: Administrator(s)
... Strong passwords are long, contain digits, special c ... locate any account that he has and disable it. ... child has knowledge of. ... > I have been the "administrator" since I installed XP ...
- Re: Password question
... Do a parallel installation of Windows 2000 or install to a different ... From reading your posts I take it that the former employee left on not very good terms, or that he had a grudge. ... If he left on bad terms and if you know how to contact him, a letter from an attorney explaining to him that he willfully damaged company property and that you demand that he supply these passwords or you will take legal action might be enough to convince him to give up. ... be logged on as an Administrator. ...
- Re: Security using Sharepoint
... AND make it a really long hunking pass PHRASE that can't be brute forced. ... with long complex passwords. ... > login attempts, however, I am concerned that brute force ... > I removed administrator from the "Remote Web Workplace ...