On Wed, 4 Jun 2014 17:14:19 +0200 "Roberto E. Vargas Caballero" <[email protected]> wrote:
> The problem arises when you have a system with hundred of users. You have > to ensure that all the users have a strong password (some of them without > any basic knowledge about computers or security), so the only way is > modifying passwd program to force secure passwords, so at the end you > add complexity in another part of the system. I wouldn't mind a complex "passwd", given it's rarely called in comparison to the entire login-routine. In which way is a /etc/passwd with hundreds of users less secure than a smaller one? Do many hashes in one place magically reduce the overall security? Remember: Both shadow-files and normal passwd-files are weak when the password is weak. Cheers FRIGN -- FRIGN <[email protected]>
