He didn't type it in "from memory."
He randomly chose a salt and a password and
used his mind to create the hash using the
same hash function that Solaris uses! Three
minutes to Wapner. Yeah. About a hundred
dollars. Yeah.

The only thing I can think of on the "position"
issue is that the code that reads /etc/passwd
and /etc/shadow might go a little wonky if
the two files weren't in sync (e.g., /etc/shadow
has a line for "bgates" but a corresponding
entry is missing from /etc/passwd). If /etc/passwd
and /etc/shadow WERE in sync (same logins and the
logins are in the same order in both files),
then that would be quite a stumper.

I remember waay back on SCO Unix that its
security subsystem wasn't happy if /etc/passwd,
/etc/group, and the tcb ("trusted" computing
base (ja, right!)) weren't consistent.
D
* On Tue, Jan 02, 2001 at 01:31:19PM -0700,
sinck@ugive.com wrote:
>
>
> \_ As long as you are not moving the passwords, yes. It seems the
> \_ passwords are dependent upon position (based on experience where
> \_ I tried to delete a user using vi on /etc/passwd, and every user
> \_ after that position could no longer log in; I restored that user and
> \_ all of the others could log in again).
>
> Urk...that's new behaviour...I remember the good old days when I saw
> someone stop-a a sun, bring it back up single user, type in the
> encrypted password string *from memory* and had a viable user when it
> came up all the way.
>
> On an unrelated humor note:
>
> http://news.bbc.co.uk/hi/english/world/middle_east/newsid_1097000/1097631.stm
>
> David
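
The "in sync" condition discussed in this thread (same logins, in the same order, in /etc/passwd and /etc/shadow) can be checked mechanically. The following is an added example, not part of the original messages; the sample file contents are constructed, the hash fields are placeholders, and the function names are hypothetical. It reports the mismatch only and assumes nothing about how any particular login implementation reacts to it.

```python
# Constructed sample data (not from the thread); hash fields are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:10::/export/home/alice:/bin/ksh
"""
SAMPLE_SHADOW = """\
root:PLACEHOLDERHASH:11324::::::
daemon:NP:6445::::::
bgates:PLACEHOLDERHASH:11324::::::
alice:PLACEHOLDERHASH:11324::::::
"""


def logins(text, min_fields):
    """Return login names in file order; raise ValueError on a malformed line."""
    names = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < min_fields or not fields[0]:
            raise ValueError(f"line {lineno}: malformed entry")
        names.append(fields[0])
    return names


def compare(passwd_text, shadow_text):
    """Report logins missing from either file, duplicates, and order drift."""
    pw = logins(passwd_text, 7)   # passwd entries have 7 colon-separated fields
    sh = logins(shadow_text, 9)   # shadow entries have 9
    pw_set, sh_set = set(pw), set(sh)
    dupes = {n for names in (pw, sh) for n in names if names.count(n) > 1}
    return {
        "only_in_passwd": [n for n in pw if n not in sh_set],
        "only_in_shadow": [n for n in sh if n not in pw_set],
        "duplicates": sorted(dupes),
        # Order is compared over the logins both files share.
        "same_order": [n for n in pw if n in sh_set] == [n for n in sh if n in pw_set],
    }


if __name__ == "__main__":
    for key, value in compare(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{key}: {value}")
```

To run it against a real system, pass the contents of the two files to compare() from a root shell; reading /etc/shadow requires root.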