Date: Tue, 20 Apr 2004 16:45:08 +0800
From: Benjamin Meade <ben@lanwest.com.au>
To: Marshall Pierce <mpierce@hmc.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: Checking New Password
Message-ID: <4084E314.7030808@lanwest.com.au>
In-Reply-To: <E9FBEBAA-92A0-11D8-B21F-000393192092@hmc.edu>
References: <FGECJDEHFNLFJMKMFJEOEENDDCAA.zen8061@zen.co.uk>
 <20040420071720.GC28812@happy-idiot-talk.infracaninophile.co.uk>
 <20040420072629.GD28812@happy-idiot-talk.infracaninophile.co.uk>
 <E9FBEBAA-92A0-11D8-B21F-000393192092@hmc.edu>

Marshall Pierce wrote:
> These may be helpful:
> http://www.onlamp.com/pub/a/bsd/2003/10/30/FreeBSD_Basics.html
> http://www.onlamp.com/pub/a/bsd/2001/01/17/FreeBSD_Basics.html

If I may just raise a small caution flag with regard to the top
article/application. The author states:
"...don't panic over the telnet word. The insecure telnet service isn't
running on ..."

The major insecurities in telnet are still present using this method of
generating passwords. Instead of a sniffer getting the actual password,
they get a list of six. Note that this is only using the network
version, not the client side system.

On the other hand, wrapping the communication with the server in ssl
sounds like a very good solution for user passwords. You could even use
a website in perl over https.

Hmmm....I know what I'll be doing for the next few hours. :)

-- 
Benjamin Meade
System Administrator
LanWest Pty Ltd
Ph: +61 (8) 9440 3033
Fax: +61 (8) 9440 3370