[ale] Slackware use of PAM?

Bob bob at cavu.com
Wed Nov 1 15:50:20 EST 2000


> > RH defaults to shadowed passwords, but off the top of my head I don't
> > remember if md5 is default or not...

> Recent versions of RedHat also default to MD5 passwords. Annoying as hell
> too since that makes them totally incompatible with any non-MD5 password
> system on the planet (which is most of them).

Yes, but it's time for the rest of the planet to change too.  Computers are
too fast now for DES to be used in important applications.  Most DES-based
passwords can be broken in a day or two (if a cracker has the encrypted
password to start with).  MD5 takes about 20 times the number of computrons
(computations) as DES so that changes to about 1 month.

Shadow passwords make orders of magnitude of difference because they prevent
a cracker from copying your encrypted passwords from your /etc/passwd file
to his system.  Instead, he must hammer yours.  (There have been a number
of security bugs where the shadow passwords can be seen.  Thus, it's
important to use MD5 instead of DES.  After updating one's configuration,
each user needs to invoke "passwd" and supply a new password so that it will
be encrypted, hashed actually, using MD5.  They don't all need to do this
at once.)

There's also the issue of "Password entropy".  This is how many useful
random bits your password generates.  This is another way of saying
how easy your password is to guess.

> V

Bob
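
An added example, not part of the original post: since users move from DES to MD5 one at a time as they run "passwd", an administrator can track progress by classifying the hash field of each shadow entry. The function names and the sample entries are constructed for illustration; the hash strings are placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars,
# all drawn from the alphabet [./0-9A-Za-z], 13 characters in total.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

def classify(hash_field):
    """Return the scheme name for the second field of a shadow entry."""
    if hash_field == "":
        return "empty"      # no password set at all
    if hash_field[0] in "*!":
        return "locked"     # login disabled, whatever hash follows
    if hash_field.startswith("$1$"):
        return "md5"        # MD5-based crypt: $1$salt$hash
    if DES_RE.match(hash_field):
        return "des"        # user has not re-run passwd yet
    return "other"

def audit(shadow_text):
    """Map each scheme to the list of account names that use it."""
    report = {}
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue        # malformed entry, skip it
        report.setdefault(classify(fields[1]), []).append(fields[0])
    return report

# Constructed sample in shadow(5) format (placeholder hash strings).
SAMPLE = """\
root:$1$abcdefgh$0123456789abcdefghijkl:11262:0:99999:7:::
alice:ab0123456789A:11200:0:99999:7:::
bob:$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV:11262:0:99999:7:::
daemon:*:11000:0:99999:7:::
carol:!xy9876543210Z:11100:0:99999:7:::
"""

if __name__ == "__main__":
    for scheme, users in sorted(audit(SAMPLE).items()):
        print(f"{scheme:7s} {', '.join(users)}")
```

Accounts reported as "des" are the ones that still need a password change before the move to MD5 is complete.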