Re: Linux and Security

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: Linux and Security
From: Michael Beattie <mickyb@es.co.nz>
Date: Wed, 19 Aug 1998 17:19:36 +1200 (NZST)
Message-id: <[🔎] Pine.LNX.3.96.980819171432.1553A-100000@omnic.rumpus.net>

After thinking about the crypt function, salts, etc... would it not be
possible to do this:

1) obtain the source for the crypt function.

2) obtain by whatever method, the hashed/encrypted/whatever password from
/etc/shadow.

3) reverse the technique in the crypt function, then apply that to the
string obtained from /etc/shadow using salt #1

4) repeat step 3 for each of the 4096 (??) salts.

would that leave you with 4096 possible passwords to try at login? maybe
use a telnet script of some kind somehow?

The above is only an Idea I thought of on the toilet (of all places..
sheesh). would it work?


                       Michael Beattie (mickyb@es.co.nz)

               PGP Key available, reply with "pgpkey" as subject.
 -----------------------------------------------------------------------------
                Bother! said Pooh, as the Klingons opened fire.
 -----------------------------------------------------------------------------
                Debian GNU/Linux....  Ooohh You are missing out!

Reply to:

Follow-Ups:
- Re: Linux and Security
  - From: George Bonser <grep@shorelink.com>
- Re: Linux and Security
  - From: Manoj Srivastava <srivasta@datasync.com>

Prev by Date: Passwd Encryption (Re: Linux security)
Next by Date: Re: OFF-TOPIC (How do you guys sort your mail?)
Previous by thread: Encrypt files?
Next by thread: Re: Linux and Security
Index(es):
- Date
- Thread