Re: shadow passwords?


Rick Adams (rick@seismo.CSS.GOV)
Tue, 8 Nov 88 11:44:49 EST


A better implementation of shadow passwords is not to replace
the encrypted password field with * or something obvious, but to
replace it with the correct number of random characters. Let the
wouldbe cracker TRY and decrypt something that isn't encrypted!

--rick



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:44:29 GMT