Found, a new rootkit
Paul Howarth
paul at city-fan.org
Thu Apr 6 15:00:56 UTC 2006
Tim wrote:
> Les Mikesell:
>>> How do you prevent re-use without keeping plain text or reversibly
>>> encrypted copies of the old ones lying around waiting to be
>>> stolen?
>
> Mikkel L. Ellertson:
>> You keep copies of the old encrypted passwords around, and compare
>> the new one to them. If they match, reject the password. After all,
>> you do that to the current one every time someone tries to log in.
>
> I don't think that'd work if each time the system encrypts the same
> password, the encrypted version is a new hash.
You know what the hashes of the old encrypted passwords are so you just
encrypt the new password with the same hash.
Paul.
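
The check discussed in this thread, as an added example that is not part of the original posts: each stored entry keeps its random salt next to the digest, so a candidate password is re-hashed with every old entry's salt and compared, the same way a login check works. PBKDF2-HMAC-SHA256, the record layout, the constants and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import List, NamedTuple

ITERATIONS = 100_000   # illustrative work factor (assumption)
HISTORY_DEPTH = 3      # number of old hashes remembered (assumption)


class Entry(NamedTuple):
    salt: bytes     # stored in the clear beside the digest
    digest: bytes   # one-way hash; the password itself is never kept


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def new_entry(password: str) -> Entry:
    # Fresh random salt: the same password gives a different digest every time.
    salt = os.urandom(16)
    return Entry(salt, hash_password(password, salt))


def matches(password: str, entry: Entry) -> bool:
    # Re-hash with the salt stored in the entry, then compare in constant time.
    return hmac.compare_digest(hash_password(password, entry.salt), entry.digest)


def is_reused(password: str, history: List[Entry]) -> bool:
    # Comparing two stored digests directly would never match, because the
    # salts differ; the candidate must be hashed once per remembered salt.
    return any([matches(password, e) for e in history])


def change_password(new: str, history: List[Entry]) -> bool:
    """Record the new hash and return True, or return False on re-use."""
    if is_reused(new, history):
        return False
    history.append(new_entry(new))
    del history[:-HISTORY_DEPTH]   # drop entries older than the history depth
    return True
```

Only exact repeats are detected this way, and the retained old hashes need the same protection as the current one.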