On Tue, Feb 05, 2008 at 01:46:15PM -0600, Mike Miller wrote:
> On Tue, 5 Feb 2008, Clay Fandre wrote:
> > s/doesn't have a password/doesn't have a password that you know/
>
> I can believe that because (A) it makes sense [as Florin suggested -- a
> random string would be optimal] and (B) several people have said it.

Well, actually, no... A random string would *not* be optimal, as there would still be the (admittedly very small) chance that a brute-force attack could guess it. Having no password (which is distinct from having an empty password) is indeed the optimal solution if you wish to disable login on an account, root or otherwise.

On some systems, this can be accomplished by emptying the user's password hash value in /etc/shadow (or /etc/passwd, but why would you not be using shadow if you care at all about security?), but other systems will treat that as an empty password, so bad solution.

The proper way to ensure that an account has no valid password is to insert characters into the user's hashed password which ensure that the hashing algorithm can never produce a matching hash. Altering the length of the hash can accomplish this for fixed-length hashes (such as MD5) or a character which isn't a part of the set used to encode the hash's output can work for others (e.g., inserting a G into a hexadecimal hash).

If you take a look at your /etc/shadow, you'll most likely see several accounts with a password hash of simply "*" or "!", which fits both methods - no respectable cryptographic hash will produce a single-character result and few will use the characters ! or * in their output.

But, then, I'm sure Clay and Florin already know this and it's just the ambiguity of the phrase "doesn't have a password" causing confusion... (Does it mean you can access the account without entering a password, that the password is an empty string (nothing), or that there is the absence of any valid password (known or unknown)?)

-- 
News aggregation meets world domination.
Can you see the fnews? http://seethefnews.com/
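The three meanings of "doesn't have a password" that the message separates can be told apart mechanically from the password field of each shadow entry. The following is an added example, not part of the original message: the sample entries and their hashes are constructed, and the two recognised hash layouts (13-character traditional crypt and the `$id$salt$hash` form) are a simplifying assumption.

```python
import re

# Assumption: only two encodings are recognised, traditional 13-character DES
# crypt and the "$id$salt$hash" modular format. Any other non-empty value is
# treated as one that no hash output can equal, i.e. the account is locked.
DES_CRYPT = re.compile(r'^[./0-9A-Za-z]{13}$')
MODULAR_CRYPT = re.compile(
    r'^\$[0-9a-z]+\$(rounds=\d+\$)?[./0-9A-Za-z]*\$[./0-9A-Za-z]+$')

# Constructed sample in /etc/shadow layout; the hash strings are placeholders.
SAMPLE_SHADOW = """\
root:!:13900:0:99999:7:::
daemon:*:13900:0:99999:7:::
guest::13900:0:99999:7:::
alice:$1$abcdefgh$0123456789abcdefghijkl:13900:0:99999:7:::
bob:!$1$abcdefgh$0123456789abcdefghijkl:13900:0:99999:7:::
"""

def classify(field):
    """Return 'empty', 'hash' or 'unmatchable' for one password field."""
    if field == "":
        # Some systems treat this as an empty password, others as no login.
        return "empty"
    if DES_CRYPT.match(field) or MODULAR_CRYPT.match(field):
        # Well-formed hash: some password (known or not) will match it.
        return "hash"
    # Wrong length or a character outside the hash alphabet ("!", "*"):
    # no input can ever hash to this value.
    return "unmatchable"

def audit(shadow_text):
    """Map each user name in shadow-format text to its classification."""
    result = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue  # malformed entry, skip it
        result[parts[0]] = classify(parts[1])
    return result

if __name__ == "__main__":
    for user, status in audit(SAMPLE_SHADOW).items():
        print(f"{user:8} {status}")
```

Entries reported as `empty` are the ones to review first, since their behaviour depends on the system as the message notes.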