> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Kevin Tarr
> Sent: Friday, February 15, 2002 3:07 PM
> To: Brin-L
> Subject: Re: Win 98 Registry
>
>
> I have two seperate questions, the first may relate to Ronn's problems.
> 1. Over the last year my niece and nephew have gone through four hard
> drives. These were name brand, WD, store bought hard drives. Two of the
> failures were instantanious, two built up over weeks until it was obvious
> that something was wrong. Is there any notices about hard drive failures?
> The real question: what do you experts do to look ahead for
> problems? I know
> I can't get teenagers to do any weekly checks, but could these
> problems been
> avoided?
RAID-1 isn't very expensive any more, so that's what I'm using for critical
backups and such. I have a Promise ATA-100 RAID-1 controller and a pair of
inexpensive 60 GB hard disks connected to it. I'm not sure what the total
cost is, but it certainly isn't anything like what it was just a few years
ago. And it gives me great peace of mind, knowing that my backups are
redundant. I've considered switching all my desktop machines to RAID-1,
although my database drive would require a very expensive controller, as
it's a top-end SCSI drive.
> 2. From Alberto's message, I was wondering about something. From
> the little
> work I did with NT, it seemed like passwords were hidden. If a
> user lost or
> forgot his password, the only thing a sysadmin could do is reset the users
> system, the user had to input a new password. The sysadmin
> couldn't see what
> the actual password was. I take it that this is not true accross all
> systems? Obviously if I lost my password for Amazon.com, it could be
> e-mailed to me, but I just figured that some hidden mechanism was involved
> in this. My password was kept on the system but no person other than me
> could see it. Just wondering.
The answer is "it depends." On most systems, passwords are stored encrypted
and so they can only be discovered with brute force. However, on-line
systems have to be able to either store them in the clear or include a
decryption mechanism when someone needs a to know their password. You
really have to assume that there is at least one sysadmin, probably more,
who has acess to your password for an on-line service, unless you see a
notice that if you lose your password, either you'll have to start over or
be issued a completely new one. Then *maybe* not.
Speaking of such things, I cancelled an long-distance service that sent me
my password in e-mail every month, along with my billing notice. I liked
the idea of on-line bills (anything to reduce paper!), but these idiots
couldn't seem to understand why I didn't want them routinely e-mailing my
password in e-mail, which goes in the clear, not encrypted. After a couple
of efforts to convince them, I gave up and switched.
Now, having said all that, I'll add that if you're the NSA, you can probably
crack anything...
Nick
