rootkit?
John Summerfied
debian at herakles.homelinux.org
Wed Dec 14 07:16:34 UTC 2005
Michael A. Peters wrote:
> On Sun, 2005-12-11 at 00:28 -0600, Jeff Vian wrote:
>
>
>>Besides, the password cracker is enough to confirm that no current
>>passwords and no existing account is 100% secure.
>
>
> Fedora implements shadow.
> If they did not get root, the presence of a passwd cracker is
> meaningless - you need to have read access of the shadow file for the
> cracker to do any good.
>
That's actually not true. I have (or create) a list of candidate
passwords and try them in turn.
Or I consult a dictionary of encrypted passwords and the passwords used
to create the encrypted password. Someone's in the process of creating
such a dictionary right now.
--
Cheers
John
-- spambait
1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
More information about the fedora-list
mailing list