Date: Thu, 13 Nov 1997 12:09:51 -0500 (EST)
From: Steve Hovey <shovey@buffnet.net>
To: "Randy A. Katz" <randyk@ccsales.com>
Cc: questions@FreeBSD.ORG
Subject: Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS???
Message-ID: <Pine.BSI.3.95.971113120921.12083D-100000@buffnet3.buffnet.net>
In-Reply-To: <3.0.5.32.19971113085135.00a3ce20@ccsales.com>
PS - with root incursions you are best to format and reinstall, and then restore non-suid binaries AND change everyone's passwords.

On Thu, 13 Nov 1997, Randy A. Katz wrote:

> OK.
>
> We're using master.passwd, it seems they can just pull down this file and
> crack it. They got my root passwd and logged in and created other users
> which have root access. The password they got is something like 5693k. Did
> they actually get it from sniffing?
>
> I just can't believe they guessed that password!???!
>
> This guy's driving me nuts! Help!
>
> Thanx,
> Randy Katz
>
> >You cannot decrypt a unix password - however you can guess them, and there
> >are utilities that look at the salt part of the password field of the
> >password file, then encrypt a dictionary - and/or common permutations of
> >userid and gecos field info.
> >
> >If you use the master.passwd scheme and do not use NIS then they can't do
> >much of anything unless they gain root access or via some trick get a copy
> >of master.passwd - even then they gotta run guess software per above.
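The guessing approach described in the quoted reply, written as an audit an administrator can run over their own accounts to find passwords that need changing. This is an added example, not part of the original message; the PBKDF2 stand-in for crypt(3), the function names and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac

def salted_hash(password, salt):
    # Stand-in for crypt(3) (assumption): one-way, so a guess can only be
    # checked by hashing it with the account's salt and comparing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def candidates(userid, gecos, wordlist=()):
    """Guesses built from the userid, GECOS fields and a dictionary."""
    words = {userid, *wordlist}
    for field in gecos.split(","):        # "Full Name,office,phone"
        words.update(field.split())
        words.add(field.replace(" ", ""))
    words.discard("")
    out = set()
    for w in words:
        for v in (w, w.lower(), w.upper(), w.capitalize(), w[::-1]):
            out.add(v)
            out.update(v + str(d) for d in range(10))
    return out

def audit(entries, wordlist=()):
    """Return userids whose stored hash a derived guess reproduces."""
    weak = []
    for userid, salt, stored, gecos in entries:
        for guess in candidates(userid, gecos, wordlist):
            if hmac.compare_digest(salted_hash(guess, salt), stored):
                weak.append(userid)   # this account needs a password change
                break
    return weak

def _entry(userid, password, salt, gecos):
    # Helper that builds a constructed (userid, salt, hash, gecos) record.
    return (userid, salt, salted_hash(password, salt), gecos)

# Constructed sample accounts (not from the original message).
SAMPLE = [
    _entry("alice", "Alice7", b"a1", "Alice Example,Room 12,555-0100"),
    _entry("bob", "elpmaxE", b"b2", "Bob Example,Room 14,555-0101"),
    _entry("carol", "t9#Lq!vR2x", b"c3", "Carol Example,Room 16,555-0102"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The salt does not stop guessing; it only forces each guess to be re-hashed per account, which is why the stored hashes themselves have to stay unreadable to ordinary users.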