[katello-devel] Password reset to "admin/admin" and hashing
Garik Khachikyan
gkhachik at redhat.com
Wed Jun 29 13:45:21 UTC 2011
On 06/29/2011 02:23 PM, Lukas Zapletal wrote:
> On 06/29/2011 01:30 PM, Garik Khachikyan wrote:
>> (hope the process itself would not be so time consuming - algorithm
>> above)
>
> We should all hope the process actually IS time consuming. Unhashed vs
> hashed password operation is like 0.0000000000000000001 vs 0.001 sec.
> Thats nothing for Katello, but try it 1000000 billion times. That's
> what they (crackers/hackers) need to do. That's the idea behind it
> (repetition, salt/seed).
>
actually /me does worries about the "bad guys" not so much :) I'm asking
about our system providing the change password and if (that change
password process) would not be time/resource consuming there.
>> Thanks Lukas for detailed description :)
>
> d=)
>
More information about the katello-devel
mailing list