On Tue, Jun 03, 2003 at 09:35:28PM +0300, ????? ????? said: > > There are a lot of reasons to store the passwords encrypted... And not > that much reasons to store them unencrypted - in fact, there is only one > good reason that i can think of, and it's the need to retrieve lost > passwords, but the best way to do that, is to keep a hardened database > of the unencrypted passwords, and use it for this sole purpose.
IMHO, a better way to do that is to provide a way for privileged users to change the password, instead of maintaining it anywhere in cleartext. -- Shawn McMahon | Let every nation know, whether it wishes us well or ill, EIV Consulting | that we shall pay any price, bear any burden, meet any UNIX and Linux | hardship, support any friend, oppose any foe, to assure http://www.eiv.com| the survival and the success of liberty. - JFK
pgp00000.pgp
Description: PGP signature
