Re: Password policy.

To: debian-user@lists.debian.org
Subject: Re: Password policy.
From: Brian <ad44@cityscape.co.uk>
Date: Wed, 14 Nov 2018 20:21:42 +0000
Message-id: <[🔎] 14112018195905.30a4aa3290d7@desktop.copernicus.org.uk>
In-reply-to: <[🔎] 4e8ad689-f02a-5f61-8540-1704244c6c4c@affinityvision.com.au>
References: <[🔎] E1gMbT7-0001Ge-TB@dalton.invalid> <[🔎] E1gMlGF-0003eA-7F@dalton.invalid> <[🔎] 14112018093523.d0a297112cbc@desktop.copernicus.org.uk> <[🔎] 63d3b9d3-8e7e-0bf5-c680-a5400a74931d@affinityvision.com.au> <[🔎] 14112018110716.ee82c2b95d40@desktop.copernicus.org.uk> <[🔎] 8a1dcb8c-3f1f-44df-6d38-212fb2fcf0cc@affinityvision.com.au> <[🔎] 14112018152616.447b9ec0d9a7@desktop.copernicus.org.uk> <[🔎] 4e8ad689-f02a-5f61-8540-1704244c6c4c@affinityvision.com.au>

On Thu 15 Nov 2018 at 03:41:42 +1100, Andrew McGlashan wrote:

> 
> 
> On 15/11/18 2:51 am, Brian wrote:
> > And what is the value to an attacker in having /etc/shadow, assuming it
> > can be decrypted in a sensible time frame? Remotely logging in? Surely
> > not in these days of ssh keys?
> 
> Well.... re-use of passwords.
> 
> We all know that if you have a username (often times an email address)
> and the password used for that username, then there are too many places
> where that same credentials might be re-used elsewhere.

True, that is a possibility. But unless the attack is against a known
user whose habits are also known or that can be guessed, knowing the
password isn't dreadfully useful in itself.

-- 
Brian.

Reply to:

References:
- Password policy.
  - From: peter@easthope.ca
- Re: Password policy.
  - From: peter@easthope.ca
- Re: Password policy.
  - From: Brian <ad44@cityscape.co.uk>
- Re: Password policy.
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
- Re: Password policy.
  - From: Brian <ad44@cityscape.co.uk>
- Re: Password policy.
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
- Re: Password policy.
  - From: Brian <ad44@cityscape.co.uk>
- Re: Password policy.
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>

Prev by Date: Re: Paypal and Linux in a low graphics environment.
Next by Date: Re: Paypal and Linux in a low graphics environment.
Previous by thread: Re: Password policy.
Next by thread: Re: Password policy.
Index(es):
- Date
- Thread