Date: Mon, 3 Jun 1996 00:53:46 -0400 (EDT) From: jamie <batsy@groovy.dreaming.org> To: Matt of the Long Red Hair <mattp@conundrum.com> Cc: freebsd-security@FreeBSD.org Subject: Re: MD5 Crack code Message-ID: <Pine.BSF.3.91.960603004211.3482B-100000@groovy.dreaming.org> In-Reply-To: <Pine.NEB.3.93.960602220553.506G-100000@conundrum.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Does anyone out there have a patch or even full source code for a Crack > capable of dealing with FreeBSD's MD5 passwd files? In fact it was me that was posting it. Mind you it was for fear of someone using the getpwent() bug (check CERT archives) using ushadow.c. Someone pointed out that I had nothing to fear from that bug. Mind you I am uncomfortable with the idea that there is one out there and I can't find it. Though someone gaining root access on my machine would make the master.passwd file useless in that they could get whatever they wanted and then leave a trojan, there are other ways to get the master passwd file on FreeBSD. These of course are not specific to FreeBSD but common misconfigurations. (i.e NFS, ftp and the like). I think that public knowledge of the existance of a crack would be far more useful to admins than "security through obscurity". There is a good reference to that in Practical Unix Security (O'rielly & Assoc.) and as I remember, it was not a facourable one A fish walks into a bar, completely skewing all laws of probablility in the universe which, subsequently, implodes. Some Guy Named Jamie batsy@groovy.dreaming.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960603004211.3482B-100000>