On Tue, 3 Jun 2014 21:16:01 +0200
Markus Wichmann <nullplan_AT_gmx.net> wrote:
> Well, it won't save you, but delay it significantly! Testing a password
> with login takes 5 seconds, testing a password with the hash at hand
> takes less than a microsecond.
Well, it depends on the hash and how strong the password is ;).
> But I concur this issue is pretty unimportant. Most security breaches
> these days occur due to faulty software allowing arbitrary code
> execution from network input. Or some fault/feature in the operating
> system allowing circumvention of the login prompt. (If you give me
> physical access to a Linux box, I'll get access to it.) So knowing a
> password isn't necessary any more.
Exactly. This is a rather trivial issue and for instance not relevant
for ssh, telnet and other means of non-local access.
Cheers
FRIGN
--
FRIGN <dev_AT_frign.de>
Received on Tue Jun 03 2014 - 21:20:31 CEST