Found, a new rootkit

Craig White craigwhite at
Wed Apr 5 03:41:32 UTC 2006

On Tue, 2006-04-04 at 22:25 -0500, Les Mikesell wrote:
> On Tue, 2006-04-04 at 21:58, jdow wrote:
> > > Another good guide is:
> > > 
> > > Enforce changing of passwords on at least a monthly basis.
> > > Do not permit re-use of old passwords.
> > 
> > Experience indicates that people rotate sets of four or five passwords
> > in that case.
> How do you prevent re-use without keeping plain text or reversibly
> encrypted copies of the old ones laying around waiting to be
> stolen?
I would presume that they don't have to be stored as plain text or
reversible...they simply need to be kept around and when a new password
is submitted, encryption is applied and then it is matched against the
list of old passwords - much like an attempt to authenticate. I believe
that is the methodology of password policy of both FDS and OpenLDAP


More information about the users mailing list