Re: Authorisation again. Security.

To: debian-russian@lists.debian.org
Cc: Anton Petrusevich <casus@bugs2k.com>
Subject: Re: Authorisation again. Security.
From: Ingvarr Zhmakin <ingvarr@mail.ru>
Date: Fri, 30 Nov 2001 09:24:17 +0300
Message-id: <[🔎] 20011130092417.A13833@haunt>
Mail-followup-to: debian-russian@lists.debian.org, Anton Petrusevich <casus@bugs2k.com>
In-reply-to: <[🔎] 20011129223642.A3088@casus.tx>
References: <[🔎] 20011130045902.A8205@haunt> <[🔎] 00be01c17951$aef61800$ab101eac@lukoil.perm.su> <[🔎] 20011129223642.A3088@casus.tx>


On Thu, Nov 29, 2001 at 10:36:42PM -0600, Anton Petrusevich wrote:
> In fact, APOP and the weaker defined SASL mechanisms such as
> CRAM-MD5 may potentially be even less secure than transmission of
> plaintext passwords because of the requirement that plaintext
> equivalents be stored on the server. 
Тоже вопрос, в сущности... 
Что проще -- поставить dsniff на пути или вытащить файл с паролями под
правами 0600 (в сущности, фишка /etc/shadow тоже именно в правах, а не
крипте, сколь я понимаю)? Правда, если раздает его сложная и
непонятная махина типа ldap... 

                   Ingvarr.

Reply to:

Follow-Ups:
- Re: Authorisation again. Security.
  - From: Anton Petrusevich <casus@bugs2k.com>

References:
- Authorisation again. Security.
  - From: Ingvarr Zhmakin <ingvarr@mail.ru>
- Re: Authorisation again. Security.
  - From: "Viktor Vislobokov" <vvislobokov@lukoilperm.ru>
- Re: Authorisation again. Security.
  - From: Anton Petrusevich <casus@bugs2k.com>

Prev by Date: Re: Authorisation again. Security.
Next by Date: Re: Authorisation again. Security.
Previous by thread: Re: Authorisation again. Security.
Next by thread: Re: Authorisation again. Security.
Index(es):
- Date
- Thread