Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: antiRepublicrat
We are talking about the inferiority of the Windows password system. No matter how many theoretical (your case) or actual add-ons there are, the capabilities of Windows' password system as shipped and as used by all (or almost all if you can produce your plug-in) Windows users are inferior to those of Linux systems as shipped by all major distros. It's a simple fact. Admit it.

Neither the Linux nor the Windows password systems need to be invulnerable to all possible attacks in order to be sufficient and useful for the vast number of uses. Not everybody needs to harden their machines in the same manner. Your suggestion that this makes Windows "inferior" to Linux systems is a pile of crap. In order to do hash lookups, you're going to need access to the password hashes. Barring access to the hashes, it doesn't matter how theoretically better one system is over another. You still won't be able to exploit them.

Need to replace Windows authentication? No problem. See pGina. The source code is readily available.
537 posted on 08/31/2005 11:55:50 AM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 535 | View Replies ]

To: Bush2000
Neither the Linux nor the Windows password systems need to be invulnerable to all possible attacks in order to be sufficient and useful for the vast number of uses.

Of course not, that's why I said hardening Linux's passwords would just be for the really paranoid.

Your suggestion that this makes Windows "inferior" to Linux systems is a pile of crap. In order to do hash lookups, you're going to need access to the password hashes.

Yes, in both the Windows and Linux cases you need access to the machine. Now that we've gained access to both systems, I am stumped by the Linux box and can get all of the passwords off the Windows box in a few minutes. Now I can access all of those users' files (even encrypted) on that machine and throughout the network, wherever those users have permission.

Which one's more secure? We both know security isn't a matter of stopping crackers, but in making it too difficult for them to bother. Unfortunately, Windows passwords are no longer difficult to crack.

Need to replace Windows authentication? No problem. See pGina. The source code is readily available.

Congratulations, you found one. I wonder why the earlier proponent of this hadn't been able to produce it. In any case, it shows that security can be increased (definitely a good thing), but as you know we usually stick to what's in the box, not something I've never seen used, not even in a Top Secret environment.

539 posted on 08/31/2005 12:20:31 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 537 | View Replies ]
To: Bush2000; antiRepublicrat
Thank you for the link. I forgot that they could change the Gina as well. Is that the same thing as replacing the crypto provider?

Also don't let him sucker you into the inferior debate. The simple truth is linux allows users to have a shorter password (with a little modification). With windows you need to increase the password length to include the linux salt + password length to have the same or better protection. However, if that isn't good enough they can simply replace either the Gina or the crypto provider.

But to say Windows is inferior in allowing the password to be shorter...whoopdie do. When linux catches up on the user experience then they can talk about having something better for the user. A shorter password isn't worth changing platforms.

547 posted on 08/31/2005 1:36:29 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 537 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson