Re: Found, a new rootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: Found, a new rootkit
From: Paul Howarth <paul@xxxxxxxxxxxx>
Date: Thu, 06 Apr 2006 16:00:56 +0100
In-reply-to: <1144334574.5729.0.camel@xxxxxxxxxxxxxxxxxxxx>
References: <200603311302.41518.gene.heskett@xxxxxxxxxxx> <1143833946.32391.24.camel@xxxxxxxxxxxxxxxxxxxxxx> <1143836348.21658.97.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <200603311830.18510.gene.heskett@xxxxxxxxxxx> <1143848452.21658.118.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <442DCC75.5040708@xxxxxxxxxxxxxxxxxxxxxx> <44320832.7090503@xxxxxxxxxxxxx> <1144152680.4057.5.camel@xxxxxxxxxxxxxxxxxxxx> <4432F495.1010806@xxxxxxxxxxxxx> <05f901c6585c$dc632b40$0225a8c0@Wednesday> <1144207532.15424.37.camel@xxxxxxxxxxxxxxxxxxxxxxxxx> <443341B6.9030002@xxxxxxxxxxxxxxxx> <1144334574.5729.0.camel@xxxxxxxxxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Thunderbird 1.5 (X11/20060313)

Tim wrote:

Les Mikesell:

How do you prevent re-use without keeping plain text or reversibly
encrypted copies of the old ones laying around waiting to be
stolen?

Mikkel L. Ellertson:

You keep copies of the old encrypted passwords around, and compare
the new one to them. If they match, reject the password. After all,
you do that to the current one every time someone tries to log in.


I don't think that'd work if each time the system encrypts the same
password, the encrypted version is a new hash.

You know what the hashes of the old encrypted passwords are so you justencrypt the new password with the same hash.


Paul.

References:
- Re: Found, a new rootkit
  - From: John Summerfield
- Re: Found, a new rootkit
  - From: Mike McCarty
- Re: Found, a new rootkit
  - From: Tim
- Re: Found, a new rootkit
  - From: Mike McCarty
- Re: Found, a new rootkit
  - From: jdow
- Re: Found, a new rootkit
  - From: Les Mikesell
- Re: Found, a new rootkit
  - From: Mikkel L. Ellertson
- Re: Found, a new rootkit
  - From: Tim

Prev by Date: Re: rpm package site for FC 5
Next by Date: Re: My FC3 machine appears to be compromised, please help
Previous by thread: Re: Found, a new rootkit
Next by thread: Re: Found, a new rootkit
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]