26 Mar
2018
26 Mar
'18
11:07 a.m.
Am 2018-03-26 10:46, schrieb Clint Dilks:
Hi, as you why it is insecure the biggest reason is that it is trivial for a user to get sensitive information about other users. Particularly things like password hashes, and with the compute power available today cracking a hash is not impractical.
You don't even need to crack them yourself. If you have the hashes, you can just use rainbow-tables available online, sometimes for a small fee.
Still relying on NIS is barely different from not having a password at all and just using a login. In both cases, you have to trust your users - it's no different.