[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT]: possible spyware?

On Wed, Jun 25, 2008 at 04:42:25PM +0200, Dotan Cohen wrote:
> 2008/6/25 Andrei Popescu <andreimpopescu@gmail.com>:
> > Maybe it changed, but there used to be no password for the root
> > account...
> >
> > https://help.ubuntu.com/community/RootSudo
> >
> > no, it hasn't changed.
> >
> Nowhere does that document say that there is no password for root.

Quote (emphasis mine):

"Since the root account password is locked, this attack becomes 
essentially meaningless, since *there is no password* to crack or guess 
in the first place."

> what it does say is this:
> """By default, the root account password is locked in Ubuntu."""
> There is a root password, but the user does not know it.

There is also specified that you can re-lock your root account (in case 
you enabled it) with 'sudo passwd -l root'

,----[ man passwd ]
|        -l, --lock
| 	   Lock the named account. This option disables an account by changing the password to a value which matches no
| 	   possible encrypted value, and by setting the account expiry field to 1.

In theory you're right, the password does have a value, but there is no 
way you can login using that value.

If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

Attachment: signature.asc
Description: Digital signature

Reply to: