Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!sharkey!cfctech!teemc!ka3ovk!drilex!axiom!linus!chance!ccel
From: ccel@chance.uucp (CCEL)
Newsgroups: comp.unix.questions
Subject: Passwords and salts
Keywords: passwd, password, salt
Message-ID: <85606@linus.UUCP>
Date: 5 Jan 90 14:36:24 GMT
Sender: news@linus.UUCP
Reply-To: rtidd@mwunix.mitre.org
Organization: MITRE-McLean Software Engineering Laboratory
Lines: 23

*I* wrote:
>Funny you should mention this, my roommate ran a program that does
>just this on our college's Ultrix machine (i'll leave out the names).
>Just as a test, he wanted to find all the users whose passwords were
>the same as their login names. He "cracked" about 35 passwords on the
>first pass, including about 25 faculty accounts (kind of disturbing
>that CS faculty members would be so careless with their passwords).
>The University ended up charging him about $2800.00, something about
>misuse of computer time...

Kind of irresponsible (bad nettiquite) to quote my own message, sorry.
Incidentally, I have the source to the program that he used, if anyone
is interested. I asked him if I could distribute it to the net and he
said he didn't mind... in fact, he said he might enjoy the free
"publicity". If anyone is interested, please drop me a line.

To be responsible, I would be reluctant to distribute the source to
anyone who is NOT a system administrator on their machine.


Randy Tidd
rtidd@mwsun@mitre.org
#define DISCLAIM TRUE