On Wed, 4 Jun 2014 17:14:19 +0200
"Roberto E. Vargas Caballero" <k0ga_AT_shike2.com> wrote:
> The problem arises when you have a system with hundred of users. You have
> to ensure that all the users have a strong password (some of them without
> any basic knowledge about computers or security), so the only way is
> modifying passwd program to force secure passwords, so at the end you
> add complexity in another part of the system.
I wouldn't mind a complex "passwd", given it's rarely called in
comparison to the entire login-routine.
In which way is a /etc/passwd with hundreds of users less secure than a
smaller one? Do many hashes in one place magically reduce the overall
security?
Remember: Both shadow-files and normal passwd-files are weak when the
password is weak.
Cheers
FRIGN
--
FRIGN <dev_AT_frign.de>
Received on Wed Jun 04 2014 - 17:25:27 CEST