From owner-freebsd-questions  Thu Nov 13 08:45:30 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA25335
          for questions-outgoing; Thu, 13 Nov 1997 08:45:30 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from buffnet4.buffnet.net (buffnet4.buffnet.net [205.246.19.13])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA25329
          for <questions@FreeBSD.ORG>; Thu, 13 Nov 1997 08:45:25 -0800 (PST)
          (envelope-from shovey@buffnet.net)
Received: from buffnet11.buffnet.net (shovey@buffnet11.buffnet.net [205.246.19.55]) by buffnet4.buffnet.net (8.7.5/8.7.3) with SMTP id LAA19003; Thu, 13 Nov 1997 11:44:38 -0500 (EST)
Date: Thu, 13 Nov 1997 11:44:38 -0500 (EST)
From: Steve Hovey <shovey@buffnet.net>
To: "Randy A. Katz" <randyk@ccsales.com>
cc: questions@FreeBSD.ORG
Subject: Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS???
In-Reply-To: <3.0.5.32.19971113081706.00c0a960@ccsales.com>
Message-ID: <Pine.BSI.3.95.971113114256.9079C-100000@buffnet11.buffnet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 13 Nov 1997, Randy A. Katz wrote:

> Hello,
> 
> Are they able to crack Unix passwords? How to prevent this? Please tell me
> quickly, I've got some hacker terrorizing me.

You cannot decrypt a unix password - however you can guess them, and there
are utilities that look at the salt part of the password field of the
password file, then encrypt a dictionary - and or common permutations of
userid and gecos field info.

If you use the master.passwd scheme and do not use NIS then they cant do
much of anything unless they gain root access or via some trick get a copy
of master.passwd - even then they gotta run guess software per above.