Ah, that makes sense.

My comment about secure password treatment stands true for enterprise applications, but for a honeypot it makes total sense to log passwords.

But, suppose you had an administration console to the honeypot that you did NOT want hackers to have access to - like some honeypot report/statistical sub-application - well, for that sub-app you would want to take my advise about password treatment.

I meant to say "All that knowledge is mostly useless - but the understand that CS is all about constantly learning new stuff - priceless."

Thank god I do not get paid to write. :)

Oh comon - Bangalore College is a degree farm. That one college pumps out more grad's than all of the US probably. It's not the college or the education - it's the individual. Can you play in the world of computers and discrete math? Can you deal with 6 different programming languages to build a modern website? Some folks with PhD's cant play in this world - while some who never went to school are software engineering masters. The only thing my CS degree got me is a piece of paper - and some practice in learning about computers. All that knowledge is not mostly useless - but the understand that CS is all about constantly learning new stuff - priceless.

The moment you have a system that even has the capacity to log passwords, you have a security anti-pattern. Passwords are to be stored as per-user salted sha-2 hashes and should never be logged.