Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uwm.edu!ux1.cso.uiuc.edu!lemson
From: lemson@ux1.cso.uiuc.edu (David Lemson)
Newsgroups: comp.org.eff.talk
Subject: Re: Allow students to run password guessers?
Message-ID: <1991Jun29.203936.4789@ux1.cso.uiuc.edu>
Date: 29 Jun 91 20:39:36 GMT
References: <1991Jun24.041435.5423@athena.cs.uga.edu> <44260@fmsrl7.UUCP> <1991Jun24.173743.11003@Firewall.Nielsen.Com>
Organization: University of Illinois at Urbana
Lines: 21

kdenning@genesis.Naitc.Com (Karl Denninger) writes:

>Note, however, that COPS does NOT give you the "guessed" password.  It only
>tells you that the password was easily compromised, not WHAT it is.

>Therefore, it would be OK for me to run COPS on your systems.  But you have
>said that it isn't.  Why?

>--
>Karl Denninger - AC Nielsen, Bannockburn IL (708) 317-3285
>kdenning@nis.naitc.com

Maybe the passwd.chk script is set up that way, but the program that
comes in ~cops/src/pass.c that guesses passwords will display the
found password with the appropriate command line switch.    So it
will display the found password.


-- 
David Lemson   University of Illinois Computing Services Consultant
Internet : lemson@uiuc.edu         UUCP :...!uiucuxc!uiucux1!lemson