because I am not above asking...
George Toft
george@georgetoft.com
Thu, 04 Jan 2001 06:34:19 -0700
Now I'm going to have to retry it to vindicate myself.
George
plug@arcticmail.com wrote:
>
> He didn't type it in "from memory."
>
> He randomly chose a salt and a password and
> used his mind to create the hash using the
> same hash function that Solaris uses! Three
> minutes to Wapner. Yeah. About a hundred
> dollars. Yeah.
>
> The only thing I can think of on the "position"
> issue is that the code that reads /etc/passwd
> and /etc/shadow might go a little wonky if
> the two files weren't in sync (e.g., /etc/shadow
> has a like for "bgates" but a corresponding
> entry is missing from /etc/passwd). If /etc/passwd
> and /etc/shadow WERE in sync (same logins and the
> logins are in the same order in both files),
> then that would be quite a stumper.
>
> I remember waay back on SCO Unix that its
> security subsystem wasn't happy if /etc/passwd,
> /etc/group, and the tcb ("trusted" computing
> base (ja, right!)) weren't consistent.
>
> D
>
> * On Tue, Jan 02, 2001 at 01:31:19PM -0700, sinck@ugive.com wrote:
> >
> >
> > \_ As long as you are not moving the passwords, yes. It seems the
> > \_ passwords are dependent upon position (based on experience where
> > \_ I tried to delete a user using vi on /etc/passwd, and every user
> > \_ after that position could no longer log in; I restored that user and
> > \_ all of the others could log in again).
> >
> > Urk...that's new behaviour...I remember the good old days when I saw
> > someone stop-a a sun, bring it back up single user, type in the
> > encrypted password string *from memory* and had a viable user when it
> > came up all the way.
> >
> > On an unrelated humor note:
> >
> > http://news.bbc.co.uk/hi/english/world/middle_east/newsid_1097000/1097631.stm
> >
> > David
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss