Comment Re:Weak Passwords ?? If they know that ...well (Score 2, Insightful) 331
Reply posters,
Interesting comments (except that one anon creature).. Yes, when one has access to the hashed password files, the test is a lot easier than a wholesale crack.
And the net is not exactly a place to send anything that one doesn't want snniffed, is it.
But by leaving us to guess why & how, Debian did leave the door open to speculation on just what they did that opened this vulnerability and what they did to "determine" there were weak passwords. And I was not knocking the Debian code, just the management errors that led to this particular problem.
And the question about the kernekl version is also a valid curiosity, isn't it. btw do they actually know that this was a hack from outside, entirely outside?
As to credibility, would rather see a good open discussion than waste time with name calling any day.
Interesting comments (except that one anon creature).. Yes, when one has access to the hashed password files, the test is a lot easier than a wholesale crack.
And the net is not exactly a place to send anything that one doesn't want snniffed, is it.
But by leaving us to guess why & how, Debian did leave the door open to speculation on just what they did that opened this vulnerability and what they did to "determine" there were weak passwords. And I was not knocking the Debian code, just the management errors that led to this particular problem.
And the question about the kernekl version is also a valid curiosity, isn't it. btw do they actually know that this was a hack from outside, entirely outside?
As to credibility, would rather see a good open discussion than waste time with name calling any day.
