Heyho,

FRIGN wrote:
> In which way is a /etc/passwd with hundreds of users less secure than a
> smaller one? Do many hashes in one place magically reduce the overall
> security?

Not precisely. But if you have a large number of users, the probability that one of them chose a weak common password is higher than for a small set of users.

Say you want to check your u users against the n most common passwords. Let p be the probability of a user choosing one of the n passwords. Then you have at least one user with a weak password with a probability of:

    1 - (1-p)^u

So with u growing linearly, you have linearly more work to check all users against the n passwords (assume a unique salt value per user), but exponentially growing probability of finding a match.

So for systems with large user counts it is easier to find a user with a weak password, but it does not influence your user account at all if you use a strong (strong = password is not one of the n most common ones) password.

--Markus
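
The audit described in the mail above, as an added example that is not part of the original message: it checks salted hashes against a common-password list, counts the hash evaluations (u * n with unique salts), and evaluates 1 - (1-p)^u. The user names, passwords, the three-entry list, p = 0.01 and the PBKDF2 parameters are all constructed assumptions.

```python
import hashlib
import hmac
import math
import os

COMMON = ["123456", "password", "qwerty"]  # constructed stand-in for the n most common passwords

def p_any_weak(p, u):
    """Formula from the mail: chance that at least one of u users chose a common password."""
    return 1.0 - (1.0 - p) ** u

def users_for_probability(p, target):
    """Smallest u for which 1 - (1-p)^u reaches target."""
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - p))

def hash_pw(password, salt):
    # Low iteration count keeps the demo fast; an assumption, not a recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def build_demo_db(passwords):
    """Store each user as (unique salt, hash), as in a shadow-style file."""
    db = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        db[user] = (salt, hash_pw(pw, salt))
    return db

def audit(db, common):
    """Check every user against every common password; count hash evaluations."""
    weak, work = [], 0
    for user, (salt, digest) in db.items():
        for candidate in common:
            work += 1  # unique salts: nothing computed for one user helps with another
            if hmac.compare_digest(hash_pw(candidate, salt), digest):
                weak.append(user)
    return weak, work

if __name__ == "__main__":
    # Constructed accounts; only carol uses a password from COMMON.
    demo = {"alice": "x9!Lq2#vTz", "bob": "Tr0ub4dor&3xyz",
            "carol": "qwerty", "dave": "c0rrect-h0rse"}
    weak, work = audit(build_demo_db(demo), COMMON)
    print("weak accounts:", weak, "hash evaluations:", work)
    for u in (10, 100, 1000):
        print(u, "users ->", round(p_any_weak(0.01, u), 4))  # p = 0.01 is an assumed value
    print("users needed for 50%:", users_for_probability(0.01, 0.5))
```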
