How secure is UNIX?

Dan KoGai dankg at tornado.Berkeley.EDU
Mon Jun 11 04:34:17 AEST 1990 

In article <1990Jun8.175747.18776 at athena.mit.edu> jik at athena.mit.edu (Jonathan I. Kamens) writes:

>  I am becoming more and more convinced that you're flaming without much
>justification about something about which you know little, and frankly,
>it's getting a little irritating.

	All I know is I became victim and there are a lot others.  And it's
not that hard to overcome crypt().  I admit I know too little to become
a security expert.  But it doesn't take a wizard to know every single file
I had were brutally deleted.  Are you still saying I am just flaming?
if you stop me or people like me from what you call flaming, Give us secure
system for first place so I don't have to post something like this anymore,
period!

>  Well-chosen passwords *are* secure enough in almost all situations,
>even when the /etc/passwd file is world-readable.  The fact that you
>wrote a C program to crack passwords and it successfully found yours
>just means that your password was not well-chosen.  You can't blame Unix
>for that.

	I think my password was well-chosen:  It is hardly English or
any other language, with Uppercase and Numbers.  My previous one was very
random also.  Yet my 10-line (now 20 and can handle even more complex cases)
successfully found it:  I didn't use /usr/dict/words or any sort at all.

>  Actually, I consider fast log-in time to be one of the most important
>features in any given system.

	Provided it's secure enough.  UNIX is not.  I'm not very exceptionally
rare victims.  I know a lot of even severe cases broken harder, which are
protected with UNIX experts.  How many victims do we need to convince you
guys that today's UNIX needs major upgrade of secirity?  Well, even after
Stockton Masscare, this country allows us to have guns without any lisence.
maybe asking Americans for secirity is never secure enough for 1st place.

----------------
____  __  __    + Dan The "Just one of many victims" Man
    ||__||__|   + E-mail:	dankg at ocf.berkeley.edu
____| ______ 	+ Voice:	+1 415-549-6111
|     |__|__|	+ USnail:	1730 Laloma Berkeley, CA 94709 U.S.A
|___  |__|__|	+	
    |____|____	+ if (!strcmp(cryptpass, crypt(pass, cryptpass)))
  \_|    |      + 	You_Are_Toast();

More information about the Comp.unix.questions mailing list