On Thu 15 Nov 2018 at 03:41:42 +1100, Andrew McGlashan wrote: > > > On 15/11/18 2:51 am, Brian wrote: > > And what is the value to an attacker in having /etc/shadow, assuming it > > can be decrypted in a sensible time frame? Remotely logging in? Surely > > not in these days of ssh keys? > > Well.... re-use of passwords. > > We all know that if you have a username (often times an email address) > and the password used for that username, then there are too many places > where that same credentials might be re-used elsewhere.
True, that is a possibility. But unless the attack is against a known user whose habits are also known or that can be guessed, knowing the password isn't dreadfully useful in itself. -- Brian.
