From owner-freebsd-questions Thu Nov 13 09:11:08 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA27562 for questions-outgoing; Thu, 13 Nov 1997 09:11:08 -0800 (PST) (envelope-from owner-freebsd-questions)
Received: from buffnet4.buffnet.net (buffnet4.buffnet.net [205.246.19.13]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA27548 for ; Thu, 13 Nov 1997 09:10:57 -0800 (PST) (envelope-from shovey@buffnet.net)
Received: from buffnet3.buffnet.net (shovey@buffnet3.buffnet.net [205.246.19.12]) by buffnet4.buffnet.net (8.7.5/8.7.3) with SMTP id MAA19957; Thu, 13 Nov 1997 12:09:53 -0500 (EST)
Date: Thu, 13 Nov 1997 12:09:51 -0500 (EST)
From: Steve Hovey
To: "Randy A. Katz"
cc: questions@FreeBSD.ORG
Subject: Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS???
In-Reply-To: <3.0.5.32.19971113085135.00a3ce20@ccsales.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

PS - with root incursions you are best to format and reinstall, and then
restore non-suid binaries AND change everyone's passwords.

On Thu, 13 Nov 1997, Randy A. Katz wrote:

> OK.
>
> We're using master.passwd, it seems they can just pull down this file and
> crack it. They got my root passwd and logged in and created other users
> which have root access. The password they got is something like 5693k. Did
> they actually get it from sniffing?
>
> I just can't believe they guessed that password!???!
>
> This guy's driving me nuts! Help!
>
> Thanx,
> Randy Katz
>
>
> >You cannot decrypt a unix password - however you can guess them, and there
> >are utilities that look at the salt part of the password field of the
> >password file, then encrypt a dictionary - and/or common permutations of
> >userid and gecos field info.
> >
> >If you use the master.passwd scheme and do not use NIS then they can't do
> >much of anything unless they gain root access or via some trick get a copy
> >of master.passwd - even then they gotta run guess software per above.
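
Added example, not part of the original messages: a Python check for the post-compromise state described in this thread (extra accounts with root access, guessable entries in master.passwd). It parses the ten colon-separated master.passwd fields and flags unexpected uid 0 accounts, empty password fields and traditional DES crypt hashes; the account data, the `expected_uid0` allowlist and all function names are constructed for illustration.

```python
# Added example: audit master.passwd-format records after a suspected root compromise.
# Every account and hash in SAMPLE is constructed; none comes from the thread.
FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home", "shell")

SAMPLE = """\
root:$1$Xy3kQ9aB$0123456789abcdefghijk.:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:abJnggxhB/yJE:1001:1001::0:0:Example User:/home/alice:/bin/tcsh
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
operator2:$1$Qw8rTz1L$abcdefghijklmnopqrstu/:0:0::0:0::/tmp:/bin/sh
"""

UID0 = "unexpected uid 0 account"
EMPTY = "empty password field"
DES = "traditional DES crypt hash (2-char salt, only 8 password chars used)"

def parse_master_passwd(text):
    """Return one dict per record; reject lines without exactly ten fields."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 10 fields, got {len(parts)}")
        rec = dict(zip(FIELDS, parts))
        rec["uid"] = int(rec["uid"])
        records.append(rec)
    return records

def audit(records, expected_uid0=("root", "toor")):
    """Return (account, issue) pairs; expected_uid0 is an assumed local allowlist."""
    findings = []
    for rec in records:
        pw = rec["password"]
        if rec["uid"] == 0 and rec["name"] not in expected_uid0:
            findings.append((rec["name"], UID0))   # attacker-added root equivalents
        if pw == "":
            findings.append((rec["name"], EMPTY))  # login without any password
        elif len(pw) == 13 and not pw.startswith(("$", "*")):
            findings.append((rec["name"], DES))    # weakest format to guess against
    return findings

if __name__ == "__main__":
    for name, issue in audit(parse_master_passwd(SAMPLE)):
        print(f"{name}: {issue}")
```
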