[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: RFC2256: userPassword
At 10:58 AM 6/29/99 -0700, Robert Allen wrote:
>The argument here is that having a bunch of world
>readable passwords IS the same as having cleartext passwords
>in todays world.
The counter argument is that userPasswords are bound to fall
into the wrong hands regardless of what access controls you
deploy.
A causal user given a cleartext password for another DN
is likely to use it. A determined cracker who has thwarted
access controls to obtain a salted MD5/SHA1 hash of a
password likely won't waste time trying to crack the
hash.
Kurt