Date: Sun, 26 May 1996 11:13:59 -0400 (EDT)
From: "Charles C. Figueiredo" <marxx@apocalypse.superlink.net>
To: jamie <batsy@groovy.dreaming.org>
Cc: freebsd-security@freebsd.org
Subject: Re: md5
Message-ID: <Pine.BSF.3.91.960526111203.1151A-100000@apocalypse.superlink.net>
In-Reply-To: <Pine.BSF.3.91.960526134808.1901B-100000@groovy.dreaming.org>
On Sun, 26 May 1996, jamie wrote:

>
> I have recently heard rumors of an md5 library for Crack. I have a small
> number of users on my system (20'ish) and all are ...well...users in the
> sense that I give them an initial passwd to get to their accounts and
> they ask me if I can just set it to their userid so they can remember it.
> I have told them how to change their passwds but I am suspicious that
> they are using insecure passwds. I haven't implemented cracklib but I am
> wary that if there is an md5 plug-in for crack, the shadow passwd system
> is only a minimal defense (unshadow.c). If anyone knows where to find a

	unshadow.c or any other variant, that attempts to exploit an
insecurity in getpwent() is useless. They cannot unshadow your password
file w/ that, they will attempt another way of compromising root.

> doc or a package I would be very interested in hearing about it.
> Thanks,
> -jamie reid
>

"I don't want to grow up, I'm a BSD kid. There's so many toys in /usr/bin
that I can play with!"
------------------------------------------------------------------------------
Charles C. Figueiredo             Marxx                 marxx@superlink.net
------------------------------------------------------------------------------