Date:      Thu, 13 Nov 1997 09:08:00 -0800 (PST)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        "Randy A. Katz" <randyk@ccsales.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS???
Message-ID:  <Pine.BSF.3.96.971113090051.1931D-100000@gdi.uoregon.edu>
In-Reply-To: <3.0.5.32.19971113081706.00c0a960@ccsales.com>

On Thu, 13 Nov 1997, Randy A. Katz wrote:

> Are they able to crack Unix passwords? How to prevent this? Please tell me
> quickly, I've got some hacker terrorizing me.

Define `crack'.  

. Brute-force methods (trying the dictionary) will work IF you have chosen
  easy-to-guess passwords.  Make sure your passwords are secure by:
  . not using words in your password
  . using 2 or more non-letters (numbers, symbols, etc)
  . using passwords at least 6 characters long

. Make sure your encrypted passwords aren't just lying around for anyone
  to read.  By default they should only be in /etc/master.passwd with
  permissions 600, owner root:wheel.  Make sure you didn't copy that to
  your anonymous ftp hierarchy.

Other quick tips:

. Deny snooping attacks by using Secure Shell (ssh) instead of telnet
  where possible, and setting up RSA keys.  If you have a purely UNIX 
  environment then you can disable your own password making it impossible
  for anyone except someone with your private key from even making an
  attempt.

. Use your firewall or ipfw to block the perp's IP.

. Complain to their ISP and give logs as evidence.  

I'm no security professional but those are some quick things that may
help.

Don't worry about some little kid threatening you that they'll hack your
system; if you have decent passwords, I'd invite them to try.  They won't
be successful.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
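
Added example, not part of the original message: a Python sketch of the two checks the reply describes for the password file, namely that it is mode 600 and owned by root:wheel (uid 0, gid 0), and that no copy carrying hashes sits in the anonymous ftp tree. The function names, the sample entries and the 13-character hash heuristic are assumptions made for illustration; the sample data is constructed and contains no real hashes.

```python
import os
import stat
import tempfile

def check_passwd_file(path, want_uid=0, want_gid=0):
    """Findings for a password file that should be mode 600, root:wheel (0:0)."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/other access the file")
    if (st.st_uid, st.st_gid) != (want_uid, want_gid):
        findings.append(f"owner {st.st_uid}:{st.st_gid}, expected {want_uid}:{want_gid}")
    return findings

def has_hash(line):
    """Heuristic (assumption): passwd(5) has 7 fields, master.passwd(5) has 10;
    a traditional crypt() hash in field 2 is at least 13 characters long."""
    fields = line.rstrip("\n").split(":")
    return (not line.startswith("#") and len(fields) in (7, 10)
            and len(fields[1]) >= 13)

def find_exposed_hashes(root):
    """Files under root (e.g. the anonymous ftp tree) holding password hashes."""
    exposed = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, errors="replace") as fh:
                    if any(has_hash(line) for line in fh):
                        exposed.append(full)
            except OSError:
                continue  # unreadable file: nothing to report
    return sorted(exposed)

def demo():
    """Run both checks on a constructed tree (sample data, no real hashes)."""
    root = tempfile.mkdtemp()
    etc = os.path.join(root, "ftp", "etc")
    os.makedirs(etc)
    copied = os.path.join(etc, "master.passwd")  # the mistake: a full copy
    with open(copied, "w") as fh:
        fh.write("randy:XXconstructed:1001:1001::0:0:Randy:/home/randy:/bin/sh\n")
    with open(os.path.join(etc, "passwd"), "w") as fh:  # sanitized: no hash
        fh.write("ftp:*:14:5:Anonymous FTP:/var/ftp:/nonexistent\n")
    os.chmod(copied, 0o644)
    return check_passwd_file(copied), find_exposed_hashes(os.path.join(root, "ftp"))

if __name__ == "__main__":
    print(demo())
```

On a real system, point check_passwd_file at /etc/master.passwd and find_exposed_hashes at the root of the anonymous ftp area.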
