Date: Thu, 13 Nov 1997 08:51:35 -0800 From: "Randy A. Katz" <randyk@ccsales.com> To: Steve Hovey <shovey@buffnet.net> Cc: questions@FreeBSD.ORG Subject: Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS??? Message-ID: <3.0.5.32.19971113085135.00a3ce20@ccsales.com> In-Reply-To: <Pine.BSI.3.95.971113114256.9079C-100000@buffnet11.buffnet. net> References: <3.0.5.32.19971113081706.00c0a960@ccsales.com>
next in thread | previous in thread | raw e-mail | index | archive | help
OK. We're using master.passwd, it seems they can just pull down this file and crack it. They got my root passwd and logged in and created other users which have root access. The password they got is something like 5693k. Did they actually get it from sniffing? I just can't believe they guessed that password!???! This guys' driving me nuts! Help! Thanx, Randy Katz > >You cannot decrypt a unix password - however you can guess them, and there >are utilities that look at the salt part of the password field of the >password file, then encrypt a dictionary - and or common permutations of >userid and gecos field info. > >If you use the master.passwd scheme and do not use NIS then they cant do >much of anything unless they gain root access or via some trick get a copy >of master.passwd - even then they gotta run guess software per above. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.19971113085135.00a3ce20>