Passwords and salts
Dave Burton
daveb at i88.isc.com
Tue Jan 9 10:26:50 AEST 1990
In article <85606 at linus.UUCP> rtidd at mwunix.mitre.org writes:
|[rtidd at mwunix.mitre.org] wrote:
|>Just as a test, he wanted to find all the users whose passwords were
|>the same as their login names. He "cracked" about 35 passwords on the
|>first pass, including about 25 faculty accounts ...
|
|Incidentally, I have the source to the program that he used, if anyone
|is interested. I asked him if I could distribute it to the net and he
|said he didn't mind... in fact, he said he might enjoy the free
|"publicity". If anyone is interested, please drop me a line.
|
|To be responsible, I would be reluctant to distribute the source to
|anyone who is NOT a system administrator on their machine.
Oh, yes, *I'm* the sysadm for my machine. Really. Could you send me a copy?
That is not being responsible - you have no way of verifying the truth of
this statement. Besides, I may be the sysadm from my posting machine, but
use the program on another which I'm not.
Further, of what use would such a program be to a sysadm (other than
informing his users that their accounts are less secure than they
could be)? As for your friend's ego: this is a trivial program to write -
what "publicity" does it merit?
|Randy Tidd
-- Dave Burton
--
Dave Burton
uunet!ism780c!laidbak!daveb
More information about the Comp.unix.questions
mailing list