[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] unencrypted webGUI default password
 Date:  Sat, 20 Aug 2005 18:10:02 -0400
On 8/20/05, Michal Bartkowiak <mailing at digital dot nonspace dot net> wrote:
> 
> > the clear default password, which is far from a secret anyway
> 
> Password, like definition says, is something secret. 

not if it's "mono", anybody with Internet access can find it!  But in
the situation you've since described, yes.



> 
> Run crypt("yourpasswordhere") and put it in place of the crypt
> function (wich will return the encrypted value)
> 

right, but I'm assuming Manuel did it that way because the crypt
function could change in the future, and "mono" is far from a secret. 
If you're making that default password something else and you don't
want to know what it is, then sure, that's fine to do.

-Chris