[6922] in cryptography@c2.net mail archive
QNX crypt() broken
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sat Apr 15 19:06:57 2000
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@c2.net, cypherpunks@cyberpass.net
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Sun, 16 Apr 2000 09:13:54 (NZST)
Message-ID: <95583323401676@kahu.cs.auckland.ac.nz>
I haven't seen this mentioned here before, but it looks like the people
playing with the iOpener (effectively a $99 PC once you bypass a few hurdles
set up by the manufacturer) have managed to reverse the QNX version of
crypt(), which is a homebrew (and insecure) algorithm rather than a real
crypt(). Source code is at http://i-opener-linux.net/decrypt. The iOpener
discussion board,
http://www.kenseglerdesigns.com/cgi-bin/UltraBoard/UltraBoard.pl?Action=ShowPost&Board=technical&Post=481
has a number of messages in which people are posting (nontrivial) QNX root
passwords (things like 'osiw$6.4' and 'e0FGglvv', i.e. not ones which have been
brute-forced).
Pretty much every QNX system, not just the iOpener, would be vulnerable to
this.
Ouch.
Peter.