How to stop future viruses.
Root Boy Jim
rbj at nav.icst.nbs.gov
Fri Nov 18 03:58:37 AEST 1988
? From: Peter da Silva <peter at ficc.uu.net>
? > For example, what is the shadow file called
? /etc/shadow
My first reaction is not to put it in /etc, or hide it with a dot, or
call it something weird, but that doesn't really accomplish much.
? > , what is its format,
? Same as passwd, but only the username and password are filled in.
Why not fill it all in?
? > what sort of stuff is left in the password field in /etc/passwd,
? The letter 'x'.
Here I disagree. It just announces the existence of the shadow file.
A better thing to do would be encrypt the password as usual, *and then
select a random salt* to replace the salt it was encrypted with. That
way, naive people can crack away to no avail.
I note that you are reporting things the way they *are*; my comments
are IMHO the way they *should be*.
? Peter da Silva `-_-' Ferranti International Controls Corporation
? "Have you hugged U your wolf today?" uunet.uu.net!ficc!peter
? Disclaimer: My typos are my own damn business. peter at ficc.uu.net
(Root Boy) Jim Cottrell (301) 975-5688
<rbj at nav.icst.nbs.gov> or <rbj at icst-cmr.arpa>
Crackers and Works -- Breakfast of Champions!
More information about the Comp.unix.wizards
mailing list