John Summerfied debian at
Wed Dec 14 07:16:34 UTC 2005

Michael A. Peters wrote:
> On Sun, 2005-12-11 at 00:28 -0600, Jeff Vian wrote:
>>Besides, the password cracker is enough to confirm that no current
>>passwords and no existing account is 100% secure.
> Fedora implements shadow.
> If they did not get root, the presence of a passwd cracker is
> meaningless - you need to have read access of the shadow file for the
> cracker to do any good.

That's actually not true. I have (or create) a list of candidate 
passwords and try them in turn.

Or I consult a dictionary of encrypted passwords and the passwords used 
to create the encrypted password. Someone's in the process of creating 
such a dictionary right now.



-- spambait
1aaaaaaa at  Z1aaaaaaa at
Tourist pics

do not reply off-list

More information about the fedora-list mailing list