Re: [netatalk-admins] Information on other authentications


Subject: Re: [netatalk-admins] Information on other authentications
From: Espen H. Koht (ehk20@cus.cam.ac.uk)
Date: Wed Apr 21 1999 - 18:26:18 EDT


On Wed, 21 Apr 1999, Michael Han wrote:

> This is stuff I would hope we all knew already. But all in all, I
> think most people would feel more comfortable with cleartext
> tranmission and hashed storage, rather than hashed transmission and
> cleartext storage... I could be wrong, but that's my take on things.

Count me out. I consider it my responsibility to keep my system as secure
as possible, and prefer basing my system around that goal, rather than
worrying about whether everybody else around me are able to keep their
systems secure or not.

The moment my system is insecure, its only a marginal difference to a
cracker whether the passwords are stored hashed or not, if they can then
sniff the network.

If my system is secure, I'd rather that my passwords aren't sniffed from
someones elses insecure system.

Ideally, there would be good third option which would eliminate having to
make such choices of course.

Espen



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:16:38 EST