Re: Password policy.





On 14/11/18 10:19 pm, Brian wrote:
> There are two situations I can think of which could lead to /etc/shadow
> becoming vulnerable:
> 
> 1. The machine's administrator causes it to happen.
> 2. There is a flaw in one of the OS's components.
> 
> The least said about cause 1, the better. There is nothing which can be
> done here.
> 
> The bug arising in 2. would soon be discovered and a fix rapidly devised
> and distributed. There is nothing much to worry about here.

Sometimes 2 doesn't get discovered for many years.

How about:

3. They had physical access to the drive in question (or any backup) and
that data wasn't encrypted (LUKS for example).
[boot machine with live boot USB, mount root file system and steal the
file, remove live boot USB, allow machine to start up normally]

Oh and if the backup isn't protected, it could be in some AWS bucket or
somewhere else with inadequate protection such as with a weak password
on any cloud storage service.

Now they've collected /etc/shadow one way or another and they can do as
they please off-line.

A.
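
Added example, not part of the original message: once /etc/shadow has been copied, what remains is the cost of guessing against each stored hash, so a defender can audit which entries use schemes that are cheap to work on offline. The scheme prefixes follow crypt(5); the sample lines are constructed, and the set of schemes flagged as weak is an assumption.

```python
# Scheme prefixes as documented in crypt(5).
SCHEMES = {
    "1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt",
    "y": "yescrypt", "gy": "gost-yescrypt",
}
WEAK = {"descrypt", "md5crypt"}  # assumption: treated as cheap to guess offline

# Constructed sample; salts and digests are placeholders, not real hashes.
SAMPLE = """\
root:$6$rounds=5000$SALTSALT$DIGESTPLACEHOLDER:17849:0:99999:7:::
alice:$y$j9T$SALTSALT$DIGESTPLACEHOLDER:17849:0:99999:7:::
olddes:XXPLACEHOLDER:12000:0:99999:7:::
bob:!$1$SALTSALT$DIGESTPLACEHOLDER:15000:0:99999:7:::
daemon:*:17849:0:99999:7:::
guest::17849:0:99999:7:::
"""

def classify(field):
    """Return (scheme, status) for one shadow password field."""
    if field == "":
        return ("none", "empty")            # login needs no password
    body = field.lstrip("!*")
    if not body:
        return ("none", "locked")           # no hash stored at all
    status = "locked" if field[0] in "!*" else "active"
    if body.startswith("$"):
        return (SCHEMES.get(body.split("$")[1], "unknown"), status)
    return ("descrypt" if len(body) == 13 else "unknown", status)

def audit(shadow_text):
    """Map user -> finding for entries that are exposed once the file is copied."""
    findings = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        scheme, status = classify(parts[1])
        if status == "empty":
            findings[parts[0]] = "empty password field"
        elif scheme in WEAK or scheme == "unknown":
            # A locked entry is still reported: the hash itself has leaked.
            findings[parts[0]] = f"{scheme} hash ({status})"
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE).items():
        print(f"{user}: {finding}")
```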