From owner-freebsd-questions Thu Nov 13 08:52:12 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA25913 for questions-outgoing; Thu, 13 Nov 1997 08:52:12 -0800 (PST) (envelope-from owner-freebsd-questions) Received: from ns1.hiper.net (ns1.hiper.net [207.137.172.11]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA25908 for ; Thu, 13 Nov 1997 08:52:10 -0800 (PST) (envelope-from randyk@ccsales.com) Received: from ntrkcasa (pool30.hiper.net [207.137.172.30]) by ns1.hiper.net (8.8.5/8.8.5) with SMTP id JAA29807; Thu, 13 Nov 1997 09:09:48 GMT Message-Id: <3.0.5.32.19971113085135.00a3ce20@ccsales.com> X-Sender: randyk@ccsales.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Thu, 13 Nov 1997 08:51:35 -0800 To: Steve Hovey From: "Randy A. Katz" Subject: Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS??? Cc: questions@FreeBSD.ORG In-Reply-To: References: <3.0.5.32.19971113081706.00c0a960@ccsales.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk OK. We're using master.passwd, it seems they can just pull down this file and crack it. They got my root passwd and logged in and created other users which have root access. The password they got is something like 5693k. Did they actually get it from sniffing? I just can't believe they guessed that password!???! This guys' driving me nuts! Help! Thanx, Randy Katz > >You cannot decrypt a unix password - however you can guess them, and there >are utilities that look at the salt part of the password field of the >password file, then encrypt a dictionary - and or common permutations of >userid and gecos field info. > >If you use the master.passwd scheme and do not use NIS then they cant do >much of anything unless they gain root access or via some trick get a copy >of master.passwd - even then they gotta run guess software per above. > >