Checking New Password

Benjamin Meade ben at
Tue Apr 20 01:45:09 PDT 2004

Marshall Pierce wrote:

> These may be helpful:

If I may just raise a small caution flag with regard to the top 
article/application. The author states:

"...don't panic over the telnet word. The insecure telnet service isn't running 
on ..."

The major insecurities in telnet are still present using this method of 
generating passwords. Instead of a sniffer getting the actual password, they get 
a list of six. Note that this is only using the network version, not the client 
side system.

On the other hand, wrapping the communication with the server in ssl sounds like 
a very good solution for user passwords. You could even use a website in perl 
over https.

Hmmm....I know what I'll be doing for the next few hours. :)

Benjamin Meade
System Administrator
LanWest Pty Ltd
Ph:  +61 (8) 9440 3033
Fax: +61 (8) 9440 3370

More information about the freebsd-questions mailing list