On Wed, February 4, 2015 3:55 pm, Warren Young wrote:
>> On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote:
>>
>> Again, the real bruteforce danger is when your /etc/shadow is
>> exfiltrated by a security vulnerability
>
> Unless you have misconfigured your system, anyone who can copy /etc/shadow
> already has root privileges. They don't need to crack your passwords
> now. You're already boned.
>

There can be a scenario where someone has /etc/shadow due to an admin's stupidity, yet doesn't have root access. Like: NFS exported / without root_squash option, then everybody having root on a different box can mount it and have your /etc/shadow. But in general, I'm with you. And an incident like the above is a really major incident, after which a full investigation of all that happened on the box, a change of all passwords (and other things that should also be considered compromised, like keys, certs...) and a rebuild of the box are mandatory.

In any case, I agree that whoever let password hashes get exposed... is doomed.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
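An audit for the misconfiguration named in the message above, as an added example that is not part of the original post: it parses `/etc/exports` text and reports every client whose root is not squashed, marking exports whose path contains `/etc/shadow`. Because `root_squash` is the Linux NFS server default, the condition to look for is an explicit `no_root_squash`; the sample file, host names, the function names and the "later option wins" rule are assumptions of this sketch, as is `/etc` living on the exported filesystem.

```python
import posixpath
import shlex

SHADOW = "/etc/shadow"

# Constructed sample in /etc/exports syntax (hosts and paths are made up).
SAMPLE = """\
# exports on fileserver
/            10.0.0.0/24(rw,no_root_squash)  backup01(ro)
/srv/data    -rw,no_root_squash \\
             build01 build02(root_squash)
/home        *(rw,sync)
"""

def parse_exports(text):
    """Yield (path, client, options) for every client on every export line."""
    for raw in text.replace("\\\n", " ").splitlines():  # join continuations
        fields = shlex.split(raw, comments=True)         # drops '#' comments
        if not fields:
            continue
        path, defaults = fields[0], []
        for field in fields[1:]:
            if field.startswith("-"):        # "-opt,opt": defaults for later clients
                defaults = field[1:].split(",")
                continue
            host, _, opts = field.partition("(")
            own = [o for o in opts.rstrip(")").split(",") if o]
            yield path, host or "*", defaults + own   # "(opts)" alone = any host

def audit(text):
    """Return (path, client, exposes_shadow) for clients whose root is not squashed."""
    findings = []
    for path, client, options in parse_exports(text):
        squashed = True                      # root_squash is the server default
        for opt in options:                  # assumption: the later option wins
            if opt in ("root_squash", "no_root_squash"):
                squashed = opt == "root_squash"
        if squashed or not path.startswith("/"):
            continue
        norm = posixpath.normpath(path)
        exposes = posixpath.commonpath([norm, SHADOW]) == norm
        findings.append((path, client, exposes))
    return findings

if __name__ == "__main__":
    for path, client, exposes in audit(SAMPLE):
        note = "covers /etc/shadow" if exposes else "root not squashed"
        print(f"{path} -> {client}: {note}")
```

To check a real server, pass the contents of its `/etc/exports` to `audit()` in place of `SAMPLE`.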