[CentOS] How insecure is NIS ? Possible alternatives ?
rainer at ultra-secure.de
rainer at ultra-secure.de
Mon Mar 26 09:07:37 UTC 2018
Am 2018-03-26 10:46, schrieb Clint Dilks:
> Hi, as you why it is insecure the biggest reason is that it is trivial
> for
> a user to get sensitive information about other users. Particularly
> things
> like password hashes, and with the compute power available today
> cracking a
> hash is not impractical.
You don't even need to crack them yourself.
If you have the hashes, you can just use rainbow-tables available
online, sometimes for a small fee.
Still relying on NIS is barely different from not having a password at
all and just using a login.
In both cases, you have to trust your users - it's no different.
More information about the CentOS
mailing list