Date: Wed, 10 May 2000 15:32:00 +0200 From: "Luc.Beurton" <Luc.Beurton@univ-ubs.fr> To: security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output Message-ID: <20000510153159.A23888@moorea.univ-ubs.fr> In-Reply-To: <20000510145508.M46065@vuurwerk.nl>; from Peter van Dijk on Wed, May 10, 2000 at 02:55:08PM %2B0200 References: <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000509150609.L42267@vuurwerk.nl> <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000510140053.G46065@vuurwerk.nl> <3.0.5.32.20000510055246.009b9100@infidel.boolean.net> <20000510145508.M46065@vuurwerk.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Actually, the use of "password" could mask a change... consider
> >
> > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> > ---
> > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/tcsh
> >
> > The admin would likely assume only the shell has changed even
> > though password may have changed.
>
> Now _there_ is a good point. We need password1/password2 for security.
> Damn.
Maybe, the solution could be to crypt the crypted password like this ?
awk 'BEGIN{FS=":";OFS=":"}($2){CMD="echo \""$2"\"| /sbin/md5";CMD|getline $2;close(CMD)}{print}'
Or add flag -d -f to md5, something like :
diff /var/backup/master.passwd.bak /etc/master.passwd | md5 -d: -f2
I don't know if md5 is secure enough with a small string .
Luc Beurton.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000510153159.A23888>