Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!ames!vsi1!wyse!bob
From: bob@wyse.wyse.com (Bob McGowen Wyse Technology Training)
Newsgroups: comp.unix.wizards
Subject: Re: Multiple Root ID's considered evil?
Message-ID: <2436@wyse.wyse.com>
Date: 19 Sep 89 22:18:42 GMT
References: <435@lxn.eds.com> <347@galadriel.bt.co.uk> <14617@haddock.ima.isc.com>
Sender: news@wyse.wyse.com
Reply-To: bob@wyse.UUCP (Bob McGowen Wyse Technology Training)
Organization: Wyse Technology
Lines: 27

In article <14617@haddock.ima.isc.com> kencr@haddock.ima.isc.com (Kenny Crudup) writes:
>From article <435@lxn.eds.com>, by bill@lxn.eds.com (Bill Doviak):
>> After checking both PASSWD(4) and PASSWD(1), I can't determine the signifcance
>> of an asterisk in the password field unless you wish to prevent logins
---deleted---
>One day while bored at work, I got out a piece of paper and traced back
>the DES crypt routine for some popular combinations of salt/key. If
>anyone is intrested, I have the passwords that make *, x, X, and 13 X's
>and 13 x's work. Send me E-mail.
>

I was under the impression (I do not remember from which document) that
an encrypted password would "ALWAYS" be 13 characters, which would imply
that *, x and X would never be generated and would therefore be totally
safe.  Is this wrong or am I missing some other information that isn't
in the docs?

Also, under XENIX the asterix has been replaced with NO LOGIN, which
certainly tells what is intended and is not equal to 13 characters.  Is
there any inherent danger in using this?

Thanks.

Bob McGowan  (standard disclaimer, these are my own ...)
Customer Education, Wyse Technology, San Jose, CA
..!uunet!wyse!bob
bob@wyse.com