
Re: Auto Pass Changing : Subject changes to OOPS :)



On Wed, Mar 22, 2000 at 11:53:06AM +0000, Tim Haynes wrote:
> As someone else has said, btw, would you recognise your own encrypted root
> password? (Would whoever mailed me that directly please bounce it to the
> *list* as well?!)

I don't keep a Fcc: of all my outgoing mail but I'll reproduce my reply:

My issues were that the crontab script/line could also be used against you.
An intruder might notice it (they usually do look/alter crontab files) and
change the encrypted password.

Besides, if an intruder gains sufficient access to change your password, you
probably are compromised in other ways as well. Most intruders do not change
the password because it exposes them; instead, they create backdoors by
patching sshd, login, etc.

I don't think this password restoring system will provide you with security.
You might be more interested in projects such as LIDS (www.lids.org).


Rob
-- 
Rob Kaper | cap@capsi.com cap@capsi.cx cap@atomickitten.cx cap@loves.lana.cx
          | http://capsi.com/ http://capsi.cx/ telnet://chat.capsi.cx:2300/
          | "These are the people who proudly call themselves "hackers" --
          | not as the term is now abused by journalists to mean a computer
          | criminal, but in its true and original sense of an enthusiast,
          | an artist, a tinkerer, a problem solver, an expert." -- ESR

