On 8/5/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> Get a privacy screen for your monitor.  Or get a mirror for the
> monitor so you can see the corporate spies.  Or retrieve the config
> file via status.php which will sanitize the passwords.  Masking the
> passwords w/ base64 doesn't solve the problem and we will _NOT_
> implement a half assed solution.
> 

I totally agree.  Anyone that has been around the Cisco world at all
knows what their "service password-encryption" has done to most
admins.  They think it's some super duper encryption, and will email,
post to mailing lists, etc. configs that have these "encrypted"
passwords in them.  They're FAR from encrypted, they can be reversed
in less than a second by any of a few dozen widely available
utilities.

If you make things LOOK encrypted and secure, people will assume they
are and will not treat the file with the sensitivity that they should.
Period.

Manuel also wrote up a nice explanation on the same (or similar) issue
with the m0n0wall config.xml. 
http://m0n0.ch/wall/docbook/faq-plaintextpass.html

-cmb
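
An added example, not part of the original message or of either project's code: a pre-sharing check that flags base64-masked secrets as readable and redacts secret fields outright, the approach the quoted message attributes to status.php. The sample config, the element names in `SECRET_TAGS`, and the `xxxxx` placeholder are assumptions made for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample; element names are assumptions, not the real config.xml schema.
SAMPLE_CONFIG = """<config>
  <system>
    <hostname>fw1</hostname>
    <user><name>admin</name><password>aHVudGVyMg==</password></user>
  </system>
  <vpn><presharedkey>correct horse</presharedkey></vpn>
</config>"""

SECRET_TAGS = {"password", "presharedkey"}  # assumed names of secret-bearing elements


def reversible_base64(value):
    """Return the decoded text if value is base64 of printable text, else None."""
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return decoded if decoded.isprintable() and decoded else None


def audit_masked(xml_text):
    """Map each secret field that only looks protected to its readable value."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        plain = reversible_base64(el.text or "") if el.tag in SECRET_TAGS else None
        if plain:
            found[el.tag] = plain
    return found


def sanitize(xml_text, placeholder="xxxxx"):
    """Replace every secret field with a fixed placeholder before sharing."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if el.tag in SECRET_TAGS and el.text:
            el.text = placeholder
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("masked but readable:", audit_masked(SAMPLE_CONFIG))
    print(sanitize(SAMPLE_CONFIG))
```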
