[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



On 7/12/99 vorlon@netexpress.net wrote:

Well, if you're using crypt passwords, a dedicated assailant can get the
cleartext passwords easily enough.  Crypt just isn't all that secure
anymore.  More OS distributions are moving to solutions like md5, but not
enough of them have that enabled as the default, IMHO.

true..


one thing i was wondering, OpenBSD uses BlowFish to encrypt the passwords, why can't we have a non-US module to give us the ability to do that too? is this is pam issue or a libc issue or both?

I would guess BlowFish passwords would be even yet harder to brute force then md5 or am i mistaken?

(And even then, your users and administrators have to be using *good*
passwords..)

of course, if you have weak passwords then xlock is not the worst of your problems..



-- Ethan Benson ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OpenPGP encrypted mail accepted. To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/ Key FingerPrint: 371A 7416 5D39 CF2D 9366 8AF6 0139 54F5 3EBD 0FE6 RSA Key FingerPrint: DE8B 74D0 79F1 6176 9AF5 120F 47AD 9B0A ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []