
If they have root on your VM, they have your root password too. We're talking about maybe a couple hundred lines of code, tops.

It's clearly easier to get root passwords out of a database, but in the unlikely scenario where an internal employee sets out to sabotage the whole operation, a couple hundred lines of C code doesn't make the effort that much more unlikely.

Don't get me wrong; storing the passwords in the clear is very bad. The thing that is really going to go wrong? Someone's going to commit a change to their web app that coughs up everyone's password to an outsider.



I think there's a pretty huge difference in the risk of a bad apple writing code and inserting it into the system vs a bad apple looking up a password and logging in normally.

One requires significant sophistication and risk (of colleagues knowing your intentions are malicious), the other requires virtually no knowledge and low risk.


> If they have root on your VM, they have your root password too. We're talking about maybe a couple hundred lines of code, tops.

The default hash for crypt(3) (and thus /etc/shadow) in newer Linux distributions is salted SHA-512. Shouldn't that be significantly more difficult to crack than the old MD5 hashes? john didn't even support it when I checked a few months ago.


You don't have to crack it if you can just replace the login binary with one that logs it somewhere.


Oh, of course. I errantly assumed they didn't have root at the same time as you still had access.


In effect, no. The computing power required to crack SHA-512 is infinitesimal compared to that for, say, bcrypt. However, modern crypt() implementations support multiple rounds just like bcrypt, and that would make it significantly more difficult (time-wise) to crack. But then again, SHA-512 is already being replaced due to some potential flaws found, so... shrug

Kind of pointless to crack your password, though. I mean, it's not like you use the same one for more than one account.
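As an added illustration of the crypt(3) discussion in this sub-thread (example code, not written by any commenter here): a small Python auditor that parses /etc/shadow-style password fields, identifies the algorithm from the `$id$` prefix, and reads out the cost parameter (the `rounds=` value for sha256crypt/sha512crypt, which glibc defaults to 5000 when absent, or the cost for bcrypt), flagging md5crypt, legacy DES and low-rounds entries. The sample shadow lines are constructed, with filler hash bodies, and the minimum-rounds thresholds are assumed audit values rather than any standard.

```python
"""Audit crypt(3)-style password hashes (the /etc/shadow format) for weak settings."""
import re
from typing import Optional

# Modular crypt format: $id$[rounds=N$]salt$hash  (see crypt(5))
_MCF = re.compile(r"^\$(?P<id>[^$]+)\$(?P<rest>.*)$")

ALGO_NAMES = {
    "1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "y": "yescrypt", "7": "scrypt",
}
DEFAULT_ROUNDS = {"5": 5000, "6": 5000}        # glibc default when rounds= is absent
MIN_ROUNDS = {"5": 100000, "6": 100000}        # assumed audit threshold, not a standard
MIN_BCRYPT_COST = 10                           # assumed audit threshold

# Constructed sample: hash bodies are filler letters, not real digests.
SAMPLE_SHADOW = """\
root:$6$rounds=656000$zJ4Vk8L1$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:19000:0:99999:7:::
deploy:$6$q3Rn7Z2p$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:19000:0:99999:7:::
legacy:$1$abcdefgh$CCCCCCCCCCCCCCCCCCCCCC:19000:0:99999:7:::
olddes:ab1CxRw3vZqjE:19000:0:99999:7:::
svc:$2b$05$DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD:19000:0:99999:7:::
nopass::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""


def audit_hash(field: str) -> tuple[str, Optional[int], list[str]]:
    """Return (algorithm, cost, findings) for one shadow password field."""
    findings: list[str] = []
    if field == "":
        return "none", None, ["empty password field: login without a password"]
    if field.startswith(("!", "*")):
        return "locked", None, []           # locked or no-login account
    m = _MCF.match(field)
    if not m:
        # Traditional 13-character DES crypt: 12-bit salt, 8-character password limit
        return "descrypt", None, ["legacy DES crypt: 12-bit salt, passwords truncated to 8 chars"]
    ident, rest = m.group("id"), m.group("rest")
    algo = ALGO_NAMES.get(ident, f"unknown({ident})")
    cost: Optional[int] = None
    if ident == "1":
        findings.append("md5crypt: fixed 1000 iterations, no cost parameter; migrate to a tunable hash")
    elif ident in ("5", "6"):
        rm = re.match(r"rounds=(\d+)\$", rest)
        cost = int(rm.group(1)) if rm else DEFAULT_ROUNDS[ident]
        if cost < MIN_ROUNDS[ident]:
            findings.append(f"{algo}: {cost} rounds below audit threshold {MIN_ROUNDS[ident]}")
    elif ident in ("2a", "2b", "2y"):
        cost = int(rest.split("$", 1)[0])   # bcrypt encodes log2 cost before the salt
        if cost < MIN_BCRYPT_COST:
            findings.append(f"bcrypt cost {cost} below audit threshold {MIN_BCRYPT_COST}")
    elif ident in ("y", "7"):
        pass                                # memory-hard; parameters live in the prefix
    else:
        findings.append(f"unrecognised hash id ${ident}$")
    return algo, cost, findings


def audit_shadow(text: str) -> dict[str, tuple[str, Optional[int], list[str]]]:
    """Audit every non-empty line of shadow-format text, keyed by user name."""
    results = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        user, field = line.split(":", 2)[:2]
        results[user] = audit_hash(field)
    return results


def weak_accounts(results) -> list[str]:
    """Names of accounts that produced at least one finding."""
    return [user for user, (_, _, findings) in results.items() if findings]


if __name__ == "__main__":
    for user, (algo, cost, findings) in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user:8} {algo:12} cost={cost} {'; '.join(findings) or 'ok'}")
```

Running it on the constructed sample flags `deploy` (sha512crypt at the 5000-round default), `legacy` (md5crypt), `olddes`, `svc` (bcrypt cost 5) and `nopass`, while `root` at 656000 rounds and the locked `daemon` entry pass.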


No of course not. I'm sure we all use a different password for every box, webapp account, registrar, email address etc. I myself keep 100 or so passwords in my head, just like everyone else...


To be honest, I don't even know my remote passwords. They're completely random. I just use SSH keys.

1Password and encrypted text files serve well as a backup.


I agree with that completely. I use DSA for my boxes, but still there are so many other services I use where it isn't an option.


I know, right? After the 16th character in the 96-character set it gets a little tiresome to type, but I think keeping my Twitter account secure is worth it.



