2009/5/29 Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl>: >> Wojciech Puchar <woj...@wojtek.tensor.gdynia.pl> wrote: >> >>> Even 15 seconds of thinking is enough to understand that logging >>> to other user and then su - gives completely no extra security. >> >> I don't buy this, given that root's login name is well known :) > > if someone can intercept the passwords you type, then he/she will intercept > both user password you log in and then su password you type. > > He/she actually can gain more if you use su, as you may use the same user > password somewhere else.
But we're talking about vulnerability to dictionary and brute-force attacks. You'd have to first: Ascertain a username in the wheel group. Brute-force that password. THEN, you need to brute-force root's password. Chris -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in a mailing list? _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"