BSD passwd() [was Re: How to stop future viruses.]
Paul M. Aoki
aoki at faerie.Berkeley.EDU
Sat Nov 12 15:45:33 AEST 1988
In article <10436 at eddie.MIT.EDU> jbs at fenchurch.UUCP (Jeff Siegal) writes:
>In article <10835 at ulysses.homer.nj.att.com> smb at ulysses.homer.nj.att.com (Steven M. Bellovin) writes:
>>You don't need to use all 4096 salts; you simply need the ones used
>>on the target system.
>
>It turns out that, due to a (apparent) bug in passwd.c, at least on
>Berkeley systems, only about 400 salts ever get used.
>
>Jeff Siegal
Hmm. I just pawed over the password file on ernie.berkeley.edu
[ that's right, the place the worm was transmitting its location to ... ]
and found 630 salts for 671 accounts with passwords. Some of those
passwords have been there for an awfully long time.
Where did you get this information?
----------------
Paul M. Aoki
CS Division, Dept. of EECS // UCB // Berkeley, CA 94720 (415) 642-1863
aoki at postgres.Berkeley.EDU ...!ucbvax!aoki
More information about the Comp.unix.wizards
mailing list