SYSKEY2. Request For Comments

jeremy at valinux.com
Fri Feb 4 15:14:13 GMT 2000


> i am looking to implement an equivalent mechanism to SYSKEY, however i do
> not have the relevant security skills to say whether a proposal is secure
> or not.

Why? SYSKEY is a silly idea!

Either you trust root, or you don't.

If you don't trust root, then all the SYSKEY in
the world doesn't help. If you do trust root, then
why not let them see the hashed passwords?

Don't give me any "it improves security" crap,
as it doesn't (unless you store the key off
machine - on a floppy disk needed on machine boot).

This is the same issue Kerberos has.

There is no need to complicate all our code with
this stuff, it doesn't even add any security!

What does everyone else think? I don't want you
to implement it - it's just a *bad* idea.

Jeremy.


More information about the samba-ntdom mailing list