Passwords and salts
CCEL
ccel at chance.uucp
Sat Jan 6 01:36:24 AEST 1990
*I* wrote:
>Funny you should mention this, my roommate ran a program that does
>just this on our college's Ultrix machine (i'll leave out the names).
>Just as a test, he wanted to find all the users whose passwords were
>the same as their login names. He "cracked" about 35 passwords on the
>first pass, including about 25 faculty accounts (kind of disturbing
>that CS faculty members would be so careless with their passwords).
>The University ended up charging him about $2800.00, something about
>misuse of computer time...
Kind of irresponsible (bad nettiquite) to quote my own message, sorry.
Incidentally, I have the source to the program that he used, if anyone
is interested. I asked him if I could distribute it to the net and he
said he didn't mind... in fact, he said he might enjoy the free
"publicity". If anyone is interested, please drop me a line.
To be responsible, I would be reluctant to distribute the source to
anyone who is NOT a system administrator on their machine.
Randy Tidd
rtidd at mwsun@mitre.org
#define DISCLAIM TRUE
More information about the Comp.unix.questions
mailing list