[plug] Password Composition

Earnshaw, Mike earnshawm at wa.switch.aust.com
Mon Apr 10 14:23:32 WST 2000


Christian,

<snip>

> BTW, if you weren't using the MD5 crypt() then only the first eight
> characters would actually count which *may* have contributed to the
> mistake.

I don't think I used MD5 (it was a while ago). I have another machine to
install later this week so will try again.

> "@" for "a", "#" for "e" etc.
> 
> These simple substitutions are also generally not advisable.

Not many things are when it comes to passwords, in my limited experience one
only has to hope no one gets in. The standard, "it ain't secure unless it's
locked in a room with no network access" rules apply. Someone somewhere will
always be able to beat the system, no matter how good you are (and I'm not
implying I am any good ;-)). We just hope to keep away the script kiddies
and the like. (I would like to think it would deter the "better" hacker, but
in reality ??)

Mike



More information about the plug mailing list