Found, a new rootkit

Craig White craigwhite at azapple.com
Wed Apr 5 03:41:32 UTC 2006


On Tue, 2006-04-04 at 22:25 -0500, Les Mikesell wrote:
> On Tue, 2006-04-04 at 21:58, jdow wrote:
> 
> > > Another good guide is:
> > > 
> > > Enforce changing of passwords on at least a monthly basis.
> > > Do not permit re-use of old passwords.
> > 
> > Experience indicates that people rotate sets of four or five passwords
> > in that case.
> 
> How do you prevent re-use without keeping plain text or reversibly
> encrypted copies of the old ones lying around waiting to be
> stolen?
----
I would presume that they don't have to be stored as plain text or
reversible...they simply need to be kept around and when a new password
is submitted, encryption is applied and then it is matched against the
list of old passwords - much like an attempt to authenticate. I believe
that is the methodology of password policy of both FDS and OpenLDAP
anyway.

Craig
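
[Added example, not part of the original message and not code from FDS or OpenLDAP.] A sketch of the check described above: each old password is kept only as a salted one-way hash, and a proposed password is re-hashed with each stored salt and compared, as in an authentication attempt. The class name, PBKDF2 parameters and history depth are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import deque

ITERATIONS = 100_000   # assumed PBKDF2 work factor for this sketch
HISTORY_DEPTH = 5      # assumed number of old passwords remembered


def _derive(password: str, salt: bytes) -> bytes:
    """One-way, salted derivation; the plain text is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordHistory:
    """Hypothetical per-user store of (salt, hash) pairs for old passwords."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        # deque(maxlen=...) silently drops the oldest entry once full
        self._entries = deque(maxlen=depth)

    def was_used(self, candidate: str) -> bool:
        """Hash the candidate with every stored salt and compare."""
        reused = False
        for salt, digest in self._entries:
            # constant-time comparison; scan all entries regardless of a hit
            if hmac.compare_digest(_derive(candidate, salt), digest):
                reused = True
        return reused

    def change(self, new_password: str) -> bool:
        """Accept the new password only if it is not in the history."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)  # fresh salt per entry
        self._entries.append((salt, _derive(new_password, salt)))
        return True

    def stored(self):
        """What an attacker who steals the history would actually obtain."""
        return list(self._entries)


if __name__ == "__main__":
    h = PasswordHistory(depth=2)
    for pw in ("spring-2006", "summer-2006", "spring-2006", "autumn-2006", "spring-2006"):
        print(pw, "accepted" if h.change(pw) else "rejected (reused)")
```

With a depth of 2, the last line of the demo is accepted again: once an entry ages out of the history, the rotation behaviour mentioned earlier in the thread is no longer caught.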



