Re: Isn't it a security hole...

To: debian-user@lists.debian.org
Subject: Re: Isn't it a security hole...
From: gram@merece.uthscsa.edu (Gilbert Ramirez Jr.) (by way of Mike Wood <mike@okinternet.com>)
Date: Wed, 14 Aug 1996 11:27:54 -0700
Message-id: <[🔎] 2.2.32.19960814182754.0069c060@mail.okinternet.net>

>As Jerzy Kakol said:
>> 
>> 
>> ...the attribute readable for others in case of the file /etc/passwd?
>
>Perhaps a bit, but not too much. The passwords in /etc/passwd are encrypted
>through one-way DES encryption.  It's much easier to simply guess users'
>passwords, the majority of which are first-names or first-names followed
>by a number.
>
>> 
>> TIA.
>> 
>>     Jerzy Kakol
>> 
>--gilbert
>______________________________________________________________________
>Gilbert Ramirez Jr.                     gram@merece.uthscsa.edu
>University of Texas                     http://merece.uthscsa.edu/gram
>Health Science Center at San Antonio    University Health System
>

        Actually, cracking a unix passwd file is quite easy, even for those
with minimal computer knowledge.  With widely available programs like Crack
(UNIX), Crakerjack (DOS), and root_crack(DOS) anybody with a CPU >386 can
crack the DES encryption with a bit of time.

                                        Mike...

Reply to:

Follow-Ups:
- Re: Isn't it a security hole...
  - From: Guy Maor <maor@ece.utexas.edu>
- Re: Isn't it a security hole...
  - From: Stephen Masterman <floyd@animals.mit.edu>

Prev by Date: Re: Isn't it a security hole...
Next by Date: Re: Non debian packages
Previous by thread: Re: Isn't it a security hole...
Next by thread: Re: Isn't it a security hole...
Index(es):
- Date
- Thread