Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!att!laidbak!daveb
From: daveb@i88.isc.com (Dave Burton)
Newsgroups: comp.unix.questions
Subject: Re: Passwords and salts
Keywords: passwd, password, salt
Message-ID: <1990Jan8.232650.6615@i88.isc.com>
Date: 8 Jan 90 23:26:50 GMT
References: <85606@linus.UUCP>
Sender: usenet@i88.isc.com (Usenet News)
Organization: Interactive Systems nee Lachman Associates
Lines: 31

In article <85606@linus.UUCP> rtidd@mwunix.mitre.org writes:
|[rtidd@mwunix.mitre.org] wrote:
|>Just as a test, he wanted to find all the users whose passwords were
|>the same as their login names. He "cracked" about 35 passwords on the
|>first pass, including about 25 faculty accounts ...
|
|Incidentally, I have the source to the program that he used, if anyone
|is interested. I asked him if I could distribute it to the net and he
|said he didn't mind... in fact, he said he might enjoy the free
|"publicity". If anyone is interested, please drop me a line.
|
|To be responsible, I would be reluctant to distribute the source to
|anyone who is NOT a system administrator on their machine.

Oh, yes, *I'm* the sysadm for my machine. Really. Could you send me a copy?

That is not being responsible - you have no way of verifying this truth of
this statement. Besides, I may be the sysadm from my posting machine, but
use the program on another which I'm not.

Further, of what use would such a program be to a sysadm (other than
informing his users that their accounts are less secure than they
could be)? As for your friend's ego: this is a trivial program to write -
what "publicity" does it merit?

|Randy Tidd

-- Dave Burton
--
Dave Burton
uunet!ism780c!laidbak!daveb