Path: utzoo!utgpu!water!watmath!clyde!rutgers!rochester!bbn!lf-server-2.bbn.com!dkovar
From: dkovar@lf-server-2.BBN.COM (David Kovar)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <657@morningdew.BBN.COM>
Date: 16 Feb 88 15:27:35 GMT
References: <731@ddsw1.UUCP>
Reply-To: dkovar@BBN.COM (David Kovar)
Distribution: na
Organization: BBN Communications Corp., Cambridge, MA
Lines: 24


  I am not certain that posting this was the most intelligent idea you've
ever had. I can forsee a lot of CPU cycles getting burned at colleges 
around the nation, a fair number of broken passwords, and a little bit
of hassle at each site as one or two anti-social types decide to do
something with their new found passwords.

  Handing a loaded gun to someone is usually not done, particularly if
they are going to turn it on you or someone around you. Granted, the
program is reasonably simple, but the average casually anti-social type
will not be able to figure out how to write it (though he can figure out
how to type "cc"). 

  I'm not advocating that we all bury our head in the sands and ignore
such issues. Discussing them in the open increases the general awareness
of the problem, something that is badly needed, I'll admit. Distributing
the code, though, will annoy some system administrators and really is
not overly polite.

  This is not a religious issue for me and I could probably argue both
sides of the issue. 

-David Kovar
 DKovar@BBN.COM