He didn't type it in "from memory."

He randomly chose a salt and a password and
used his mind to create the hash using the
same hash function that Solaris uses!  Three
minutes to Wapner.  Yeah.  About a hundred
dollars.  Yeah.

The only thing I can think of on the "position"
issue is that the code that reads /etc/passwd
and /etc/shadow might go a little wonky if
the two files weren't in sync (e.g., /etc/shadow
has a like for "bgates" but a corresponding
entry is missing from /etc/passwd).  If /etc/passwd
and /etc/shadow WERE in sync (same logins and the
logins are in the same order in both files),
then that would be quite a stumper.

I remember waay back on SCO Unix that its
security subsystem wasn't happy if /etc/passwd,
/etc/group, and the tcb ("trusted" computing
base (ja, right!)) weren't consistent.


D

* On Tue, Jan 02, 2001 at 01:31:19PM -0700, sinck@ugive.com wrote:
> 
> 
> \_ As long as you are not moving the passwords, yes.  It seems the 
> \_ passwords are dependent upon position (based on experience where
> \_ I tried to delete a user using vi on /etc/passwd, and every user
> \_ after that position could no longer log in; I restored that user and
> \_ all of the others could log in again).
> 
> Urk...that's new behaviour...I remember the good old days when I saw
> someone stop-a a sun, bring it back up single user, type in the
> encrypted password string *from memory* and had a viable user when it
> came up all the way.
> 
> On an unrelated humor note:
> 
> http://news.bbc.co.uk/hi/english/world/middle_east/newsid_1097000/1097631.stm
> 
> David