[imp] secure IMP connections

Rich Lafferty rich@horde.org
Tue, 20 Mar 2001 14:29:13 -0500


On Tue, Mar 20, 2001 at 02:15:12PM -0500, arijit das (arijitda@netscape.net) wrote:
> 
>
> I see what you are telling here, given this logic, root can
> see the UNIX password (encrypted) of any user, since it will
> get access to it in memory eventually.

No, Unix passwords are encoded with a one-way hashing algorithm, not a
two-way encryption algorithm. But root could watch the keystrokes of a
user logging in, and then note whether the user succeeded or not, to
get the password; or, for that matter, watch what the user types into
passwd(8), or just subvert passwd(8) entirely.

  -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Instructional and Information Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------