Thanks for the replies

I have done some further reading on the matter and seem to have come
across a paradox of sorts.
What got me interested was an article claiming that the hash
tables may be used for "evil" purposes, but it was pointed out to me
that without the hash you have no comparison, so what use is a hash
table? Indeed, you would also have had to gain access to the
/etc/shadow file to get the hash, and since that requires root
privilege it would seem you already have a larger problem than
losing a password to clear text.
Of course I am only thinking of a remote login via 22 as that is what
primarily concerns me at the moment. So in short it seems I am safe
with my system as it is for now.

stu

ps on a side note
NBS DES
National Bureau of Standards Data Encryption Standard
http://www.garykessler.net/library/crypto.html#desmath



On 15/11/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Fields are separated by a semicolon. So in the first one you have the
> > username, and in the second one there is the encrypted password but
> > this field is again separated in three new fields by a $ sign. So the
> > first one (1 in this case) is the encryption algorithm used (I'll have
>
> $1$ means MD5 (with salt). glibc crypt() function also reflects this. If
> the salt format doesn't match $1$xxxxxxx$ format, DES encryption is
> assumed, which has a very weak salt.
>
>
> Stian Skjelstad
> --
> gentoo-security@gentoo.org mailing list
>
>


--
"There are 10 types of people in this world: those who understand
binary, those who don't"

--Unknown

-- 
gentoo-security@gentoo.org mailing list
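
An added example, not part of the thread: a small audit that reads entries in shadow(5) layout (colon-separated fields) and reports accounts whose password field uses the `$1$` MD5 scheme or falls back to traditional DES, as described in the quoted reply. It goes beyond the thread by also recognising the other scheme ids listed in crypt(5); the sample entries and their hash strings are constructed placeholders, and the choice to report MD5 alongside DES is this example's assumption.

```python
import re

# Constructed sample in shadow(5) layout; hash strings are placeholders.
SAMPLE_SHADOW = """\
root:$6$Zx8sQ1pL$PLACEHOLDERplaceholderPLACEHOLDER:19000:0:99999:7:::
stu:$1$ab12cd34$PLACEHOLDERplaceholder:13100:0:99999:7:::
legacy:abPLACEHOLDER:13100:0:99999:7:::
daemon:*:13100:0:99999:7:::
backup:!$1$ab12cd34$PLACEHOLDERplaceholder:13100:0:99999:7:::
"""

# Scheme ids between the first two "$" signs. "1" is the MD5 case from the
# thread; the other ids are added here from crypt(5).
MCF_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")  # 2 salt chars + 11 hash chars
LEGACY = {"des", "md5crypt"}  # assumption: the schemes this audit reports


def classify(field):
    """Return (scheme, locked) for the password field of a shadow entry."""
    locked = field.startswith(("!", "*"))
    body = field.lstrip("!*")
    if not body:
        return ("none" if locked else "empty", locked)
    if body.startswith("$"):
        parts = body.split("$")  # "$1$salt$hash" -> ["", "1", "salt", "hash"]
        return (MCF_IDS.get(parts[1], "unknown") if len(parts) >= 4 else "unknown", locked)
    return ("des" if DES_RE.fullmatch(body) else "unknown", locked)


def audit(shadow_text):
    """List (user, scheme, locked) for entries using a legacy scheme."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        scheme, locked = classify(fields[1])
        if scheme in LEGACY:
            findings.append((fields[0], scheme, locked))
    return findings


if __name__ == "__main__":
    for user, scheme, locked in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}{' (locked)' if locked else ''}")
```
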