Xref: utzoo news.sysadmin:1333 comp.unix.wizards:12302
Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!uflorida!ukma!tut.cis.ohio-state.edu!bloom-beacon!mit-eddie!fenchurch!jbs
From: jbs@fenchurch.mit.edu (Jeff Siegal)
Newsgroups: news.sysadmin,comp.unix.wizards
Subject: Re: How to stop future viruses.
Message-ID: <10436@eddie.MIT.EDU>
Date: 10 Nov 88 23:49:33 GMT
References: <2178@cuuxb.ATT.COM> <778@mailrus.cc.umich.edu> <10835@ulysses.homer.nj.att.com>
Sender: uucp@eddie.MIT.EDU
Reply-To: jbs@fenchurch.UUCP (Jeff Siegal)
Organization: MIT, EE/CS Computer Facilities, Cambridge, MA
Lines: 8

In article <10835@ulysses.homer.nj.att.com> smb@ulysses.homer.nj.att.com (Steven M. Bellovin) writes:
>You don't need to use all 4096 salts; you simply need the ones used
>on the target system.

It turns out that, due to a (apparent) bug in passwd.c, at least on
Berkeley systems, only about 400 salts ever get used.

Jeff Siegal