passwds and crypt(3)...
Jonathan I. Kamens
jik at athena.mit.edu
Thu Jan 4 07:41:03 AEST 1990
In article <1990Jan3.103141.9903 at gdt.bath.ac.uk>, exspes at gdr.bath.ac.uk
(P E Smee) writes:
> Unstated, but implicit, is the fact that it is even worse if the perpetrator
> just wants to break *some* password(s), not necessarily yours. Having
> encrypted a 'trial' password once, it can then be checked against all
> encrypted passwords in /etc/passwd to see if it gets any hits.
(I'm not sure if you already know this, but it sounds like you don't
-- I may just be understanding what you're trying to say wrong.)
No, that's the whole point of the seed. The seed is *different* for
each encrypted password in the /etc/passwd file (or, at the very least,
there are a number of different seeds), so trial passwords must be
encrypted in each possible seed before they can be compared to encrypted
passwords.
Jonathan Kamens USnail:
MIT Project Athena 11 Ashford Terrace
jik at Athena.MIT.EDU Allston, MA 02134
Office: 617-253-8495 Home: 617-782-0710
More information about the Comp.unix.questions
mailing list