Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uunet!mcsun!ukc!dcl-cs!gdt!gdr!exspes
From: exspes@gdr.bath.ac.uk (P E Smee)
Newsgroups: comp.unix.questions
Subject: Re: passwds and crypt(3)...
Message-ID: <1990Jan3.103141.9903@gdt.bath.ac.uk>
Date: 3 Jan 90 10:31:41 GMT
References: <21913@adm.BRL.MIL> <1990Jan2.222052.915@athena.mit.edu>
Reply-To: exspes@gdr.bath.ac.uk (P E Smee)
Organization: University of Bristol c/o University of Bath
Lines: 31

In article <1990Jan2.222052.915@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
> Now, let's say that someone wants to break into your account, and
> since they don't know the various security holes that could allow them
> to become the super-user on any Unix machine :-), they want to do so by
> finding out what your password is. They have the following tools to help them:
>
> What the program does is take each word in the password dictionary and
> encrypt it using the seed in the /etc/passwd file. Then, it checks if
> the encrypted string which is returned is the same as your encrypted
> password string, and if it is, it has found your password!

Unstated, but implicit, is the fact that it is even worse if the
perpetrator just wants to break *some* password(s), not necessarily
yours. Having encrypted a 'trial' password once, it can then be checked
against all encrypted passwords in /etc/passwd to see if it gets any
hits.

A few years ago a couple of our undergrads used this approach against
our Multics system. (On Multics the password file was not normally
readable by the public, but a change in default access settings at a new
system release created a 'window' at our site during which the U/Gs
grabbed a copy.) By the time we found the parties involved, they had
cracked on the order of 85% of the passwords on the system using this
approach. (Something like 25 users were using 'hello', sigh.)

Having access to so many accounts, they were even doing their cracking
on Multics -- but in 'invisibly-named' directories which appeared to
belong to other people, scattered liberally throughout the system.

-- 
Paul Smee, Univ of Bristol Comp Centre, Bristol BS8 1TW, Tel +44 272 303132
Smee@bristol.ac.uk :-) (..!uunet!ukc!gdr.bath.ac.uk!exspes if you MUST)
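An added example, not part of Smee's post or of the program Kamens describes: a small administrator-side audit in Python showing why the "encrypt a trial password once, check it against every entry" shortcut only pays off when entries share a salt, and why identical passwords (the 25 users with 'hello') are visible by inspection alone in that case. The hash function is a stand-in for crypt(3), and the password file and word list are constructed here.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data (not from the post): five accounts, three of them
# sharing the weak password Smee mentions, and a short trial word list.
USERS = [("alice", "hello"), ("bob", "hello"), ("carol", "hello"),
         ("dave", "Tr0ub4dor&3"), ("erin", "password")]
WORDS = ["hello", "password", "secret", "multics"]


def hash_pw(password, salt):
    """Stand-in for crypt(3): a salted one-way hash (not the real DES scheme)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def make_passwd(users, salted):
    """Build (user, salt, hash) records. salted=False mimics a system that
    hashes every password under one fixed salt, i.e. effectively unsalted."""
    records = []
    for user, pw in users:
        salt = os.urandom(4).hex() if salted else "00"
        records.append((user, salt, hash_pw(pw, salt)))
    return records


def duplicate_hashes(records):
    """Groups of users whose stored hashes are identical. Without per-user
    salts this exposes shared passwords with no guessing at all."""
    groups = defaultdict(list)
    for user, _, h in records:
        groups[h].append(user)
    return [users for users in groups.values() if len(users) > 1]


def audit(records, wordlist):
    """Check a password file against a word list the way an administrator
    auditing weak passwords would. Returns (cracked {user: word}, number of
    hash evaluations). Each word is hashed once per distinct salt, so with a
    shared salt one evaluation is compared against the whole file; with
    per-user salts the work grows with the number of accounts."""
    lookup = defaultdict(list)
    for user, salt, h in records:
        lookup[(salt, h)].append(user)
    salts = sorted({salt for _, salt, _ in records})
    cracked, hash_ops = {}, 0
    for word in wordlist:
        for salt in salts:
            hash_ops += 1
            for user in lookup.get((salt, hash_pw(word, salt)), []):
                cracked[user] = word
    return cracked, hash_ops
```

Running `audit()` over `make_passwd(USERS, False)` and `make_passwd(USERS, True)` finds the same four weak accounts, but the salted file costs one hash per word per account instead of one per word, and only the unsalted file reveals the 'hello' group through `duplicate_hashes()`.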