List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Thanks for the replies
I have done some further reading on the matter and seem to have come
across a paradox of sorts.
What got me intersted was that an article claiming that the hash
tables may be used for "evil " purposes but it was pointed out to me
that without the hash you have no comparison so what use is a hash
table, indeed you would also have had to gain access to the
/etc/shadow file to get the hash and since that requires root
priviledge it would seem you allready have a larger problem than
losing a password to clear text.
Of course I am only thinking of a remote login via 22 as that is what
primarily concerns me at the moment. So in short it seems I am safe
with my system as it is for now.
ps on a side note
National Bureau of Standards Data Encryption Standard
On 15/11/05, stian@... <stian@...> wrote:
> > Fields are separated by a semicolon. So in the first one you have the
> > username, and in the second one there is the encrypted password but
> > this field is again separated in three new fields by a $ sign. So the
> > first one (1 in this case) is the encryption algorithm used (I'll have
> $1$ meens MD5 (with salt). glibc crypt() function also reflects this. If
> the salt format doesn't match $1$xxxxxxx$ format, DES encryption is
> assumed, which has a very weak salt.
> Stian Skjelstad
> email@example.com mailing list
"There are 10 types of people in this world: those who understand
binary, those who don't"
firstname.lastname@example.org mailing list