From owner-freebsd-security Sun Dec 15 16:18:46 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id QAA20942 for security-outgoing; Sun, 15 Dec 1996 16:18:46 -0800 (PST) Received: from isbalham.ist.co.uk (isbalham.ist.co.uk [192.31.26.1]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id QAA20910; Sun, 15 Dec 1996 16:18:36 -0800 (PST) Received: from gid.co.uk (uucp@localhost) by isbalham.ist.co.uk (8.8.4/8.8.4) with UUCP id AAA03019; Mon, 16 Dec 1996 00:04:03 GMT Date: Mon, 16 Dec 1996 00:03:01 GMT Received: from [194.32.164.2] by seagoon.gid.co.uk; Mon, 16 Dec 1996 00:03:01 GMT X-Sender: rb@194.32.164.1 Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: Terry Lambert From: rb@gid.co.uk (Bob Bishop) Subject: Re: vulnerability in new pw suite Cc: proff@iq.org, security@freebsd.org, hackers@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk At 1:39 pm 15/12/96, Terry Lambert wrote: >Heh. > >Please define "unsafe" in the context of a functional (inaccessible for >pre-salt-based attacks) shadow password system. > >8-) 8-). > >I'm tired of having passwd not let me use whatever password I want, >considering that with a shadow file, the user will have to brute-force >it through /bin/login or equivalent. It seems the harder it becomes to >see my post-encryption password, the more anal the passwd command >becomes about making post-encryption passwords "safe" from attacks >which are impossible to institute unless root has been compromised. Yeah, fine on an isolated machine, but those pesky users also insist on using the same weak password on lots of different systems. So if some sleaze does manage to get root on your system and thus access to your shadow file, five gets you ten the user passwords he can now derive will work on neighbouring systems. -- Bob Bishop (0118) 977 4017 international code +44 118 rb@gid.co.uk fax (0118) 989 4254 between 0800 and 1800 UK