[Xitami] Plaintext passwords on Bugtraq (again)
Michael Burns
xitami@lists.xitami.org
Sat, 22 Jun 2002 07:46:40 -0700
At 09:28 PM 6/21/2002 -0500, niall wrote:
>Note that even if you use a hashed password file, it is often
>trivial to discover passwords using a dictionary-based attack. It's therefore
>much better to concentrate on hiding the password file than on encrypting it.
True. But, "joe user" generally does not know how to perform a
dictionary-based attack. Again, it does add a level of security.
>At some future date,
>Xitami will support encrypted (hashed) passwords.
Great!
>There you go. If people have access to the localhost, you've got bigger
>problems than plaintext passwords.
There's the problem in a nutshell. With Windows 9X/ME and on non-NTFS
Windows NT/2K/XP systems, the machine will require "physical security". For
most of our "home" systems, this is not an option.
Thanks for your response!
Mike