From: Benjamin Meade
Organization: LanWest Pty Ltd
Date: Tue, 20 Apr 2004 16:45:08 +0800
To: Marshall Pierce
Cc: Zen, freebsd-questions@freebsd.org
Subject: Re: Checking New Password
Message-ID: <4084E314.7030808@lanwest.com.au>

Marshall Pierce wrote:
> These may be helpful:
> http://www.onlamp.com/pub/a/bsd/2003/10/30/FreeBSD_Basics.html
> http://www.onlamp.com/pub/a/bsd/2001/01/17/FreeBSD_Basics.html

If I may just raise a small caution flag with regard to the top article/application. The author states:

"...don't panic over the telnet word. The insecure telnet service isn't running on ..."

The major insecurities in telnet are still present using this method of generating passwords. Instead of a sniffer getting the actual password, they get a list of six. Note that this is only using the network version, not the client side system.

On the other hand, wrapping the communication with the server in ssl sounds like a very good solution for user passwords. You could even use a website in perl over https.

Hmmm....I know what I'll be doing for the next few hours. :)

--
Benjamin Meade
System Administrator
LanWest Pty Ltd
Ph: +61 (8) 9440 3033
Fax: +61 (8) 9440 3370