On Tue, 3 Jun 2014 21:16:01 +0200 Markus Wichmann <[email protected]> wrote:
> Well, it won't save you, but delay it significantly! Testing a password > with login takes 5 seconds, testing a password with the hash at hand > takes less than a microsecond. Well, it depends on the hash and how strong the password is ;). > But I concur this issue is pretty unimportant. Most security breaches > these days occur due to faulty software allowing arbitrary code > execution from network input. Or some fault/feature in the operating > system allowing circumvention of the login prompt. (If you give me > physical access to a Linux box, I'll get access to it.) So knowing a > password isn't necessary any more. Exactly. This is a rather trivial issue and for instance not relevant for ssh, telnet and other means of non-local access. Cheers FRIGN -- FRIGN <[email protected]>
