Re: [dev] [PATCH] [ubase] Simplify login

From: FRIGN <dev_AT_frign.de>
Date: Wed, 4 Jun 2014 12:44:01 +0200

On Wed, 4 Jun 2014 00:15:58 +0200
Alexander Huemer <alexander.huemer_AT_xx.vu> wrote:

> You think so? That's not at all what I personally associate with this
> feature. Can you elaborate?

Many people don't understand how hashing functions work. The
shadow file might suggest that knowing the hash inherently unveils the
password in some magic way.
In reality, the incorporation of the shadow file was motivated to make
brute-force attacks slower and less effective, but they are still
possible.
Thus, the shadow file locks things up a bit more, brings some more
complexity, but this doesn't mean /etc/passwd is insecure.
If you use strong passwords, you don't need the shadow file. If you
have a weak password, the shadow file on the other hand just delays the
eventual breach.

Looking at it from the programmer's side: Implementing /etc/shadow
brings more complexity to the program. Avoiding complexity is one goal
to set, thus avoiding /etc/shadow is a good way to simplify things.

As Dimitris said before: If you are serious about breaking into a
computer, the security brought by login is laughable and easy to
circumvent.

Cheers

FRIGN

-- 
FRIGN <dev_AT_frign.de>
Received on Wed Jun 04 2014 - 12:44:01 CEST