Found, a new rootkit

Tim ignored_mailbox at yahoo.com.au
Thu Apr 6 14:42:53 UTC 2006


Les Mikesell:
>> How do you prevent re-use without keeping plain text or reversibly
>> encrypted copies of the old ones lying around waiting to be
>> stolen?
 
Mikkel L. Ellertson:
> You keep copies of the old encrypted passwords around, and compare
> the new one to them. If they match, reject the password. After all,
> you do that to the current one every time someone tries to log in.

I don't think that'd work if each time the system encrypts the same
password, the encrypted version is a new hash.

-- 
(Currently running FC4, occasionally trying FC5.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.