Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Why use strong passwords?
Special Forums Cybersecurity Why use strong passwords? Post 302727017 by Neo on Monday 5th of November 2012 01:46:08 PM
Old 11-05-2012
Quote:
Originally Posted by Corona688
That only matters when you've swiped someone's shadow file though. If they have to brute-force your login, most systems will slow down failed logins severely.
Well, that is exactly what I said in my first post, that the issue is when someone steals the password file (what ever kind it is), my post was:

Quote:
One reason is that if someone steals the password file with all the encrypted passwords , it is easy to crack weak passwords. So, imagine a business with 20,000 customers and someone steals the password file. It would be easy for a criminal to run a brute force exploit (attack) against the encrypted passwords in the password file, and then subsequently compromise the accounts.
And in reality, this is what happens. A password file or database full of passwords (encrypted) are stolen; this can also include encrypted credit card information and other confidential data.

The same is also true for encrypted WIFI keys, which can be stored as encrypted text and then later on, a brute force attack is applied against those passwords; so the exploit is first gathering the data (encrypted text) and later running an attack against the ciphertext.
 

2 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Strong quotes and spaces

We ran into a problem because of a shop that uses Windows and UNIX. The file names that Windows uses have spaces in them. When they get moved to the unix system they still have spaces. This produces a problem in our script that moves them again from one unix system to another. I've made up a... (2 Replies)
Discussion started by: jimcampanella
2 Replies

2. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

LEARN ABOUT DEBIAN

dircproxy-crypt

dircproxy-crypt(1)					      General Commands Manual						dircproxy-crypt(1)

NAME

       dircproxy-crypt - Generate encrypted password for dircproxy

SYNOPSIS

       dircproxy-crypt [-hv] [password]...

DESCRIPTION

       dircproxy-crypt generates encrypted passwords for the dircproxy(1) configuration file.  These passwords are used in the 'password' configu-
       ration option of a connection class, and are compared to the password you configure your IRC client to use.

       If you do not supply any plain text passwords to encrypt on the command line then dircproxy-crypt, when run, will ask you for one on  stan-
       dard  input.   It  will display the encrypted version of each password, created using your system's crypt(3) function and a random salt, on
       standard output.

OPTIONS

       -h     Displays a brief help message detailing the command-line arguments, then exits.

       -v     Displays the dircproxy version number that this version of dircproxy-crypt comes with, then exits.

SEE ALSO

       dircproxy(1) crypt(3)

BUGS

       Please submit and review bug reports at:

       http://bugzilla.dircproxy.net/

AUTHOR

       Written by Scott James Remnant <scott@netsplit.com>.

COPYRIGHT

       Copyright (C) 2002 Scott James Remnant.	All Rights Reserved.  dircproxy is distributed under the GNU General Public License.

								    11 Jan 2001 						dircproxy-crypt(1)
All times are GMT -4. The time now is 07:03 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy