Re: [dev] [PATCH] [ubase] Simplify login

From: FRIGN <dev_AT_frign.de>
Date: Wed, 4 Jun 2014 17:25:27 +0200

On Wed, 4 Jun 2014 17:14:19 +0200
"Roberto E. Vargas Caballero" <k0ga_AT_shike2.com> wrote:

> The problem arises when you have a system with hundred of users. You have
> to ensure that all the users have a strong password (some of them without
> any basic knowledge about computers or security), so the only way is
> modifying passwd program to force secure passwords, so at the end you
> add complexity in another part of the system.

I wouldn't mind a complex "passwd", given it's rarely called in
comparison to the entire login-routine.
In which way is a /etc/passwd with hundreds of users less secure than a
smaller one? Do many hashes in one place magically reduce the overall
security?
Remember: Both shadow-files and normal passwd-files are weak when the
password is weak.

Cheers

FRIGN

-- 
FRIGN <dev_AT_frign.de>
Received on Wed Jun 04 2014 - 17:25:27 CEST

This archive was generated by hypermail 2.3.0 : Wed Jun 04 2014 - 17:36:06 CEST