[100565] in RedHat Linux List
Re: Hacked! :(
daemon@ATHENA.MIT.EDU (Ramon Gandia)
Sat Nov 21 21:29:15 1998
Date: Sat, 21 Nov 1998 17:28:04 -0900
From: Ramon Gandia <rfg@nook.net>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
Sean Harding wrote:
> No, I'm talking about once he/she has the passwd file. If they have the
> passwd file somehow, they *aren't* going to try to decrypt passwords.
> They'll use something like Crack. How you setup your system (other than
> being secure enough to keep them from getting passwd in the first place or
> forcing users to have good passwords) has no bearing on how well this
> tactic will work. Crack and the like don't make any connections to the
> computer whose passwd file is being cracked; they don't know anything
> about that remote machine.
Not so. It will only work if you haven't got shadow passwords.
In that case /etc/passwd will only show this:

    rfg:x:501:100:/home/rfg:/bin/bash

whereas with NO shadow passwords it will show

    rfg:3C509$8HmUu:501:100:/home/rfg:/bin/bash
        ^^^^^^^^^^^
this is the encrypted password which the crack program will
try to match. With shadow, there is just the :x: and no
possibility of match. Read my post and you will see that
I mentioned that you NEED shadow passwords.
With shadow passwords enabled, the only chance the cracker has
is to crash a program running with root privilege, or telnet in
and try a gazillion passwords... a very slow process, as I pointed
out. And he has to guess TWO passwords: a regular user's and
then the root one. Of course, if he has a shell account, he only
has to guess the root one.
--
Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
285 West First Avenue rfg@nook.net
P.O. Box 970 tel. 907-443-7575
Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
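Added example (not part of the original post or of any Red Hat tool): a shell check of the distinction described in the message above, reporting which accounts in a passwd-format file have the x placeholder and which still carry a hash, or an empty password, in the world-readable second field. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify each account in a passwd-format file by its second field.
#   shadowed : "x"            -> hash is kept in the root-only shadow file
#   locked   : starts * or !  -> no valid hash to match against
#   empty    : nothing at all -> account has no password
#   exposed  : anything else  -> treated as a hash any local user can read
audit_passwd() {
    awk -F: '
        /^[ \t]*$/   { next }                           # skip blank lines
        NF < 2       { printf "%s malformed\n", $1; next }
        $2 == "x"    { printf "%s shadowed\n",  $1; next }
        $2 == ""     { printf "%s empty\n",     $1; next }
        $2 ~ /^[*!]/ { printf "%s locked\n",    $1; next }
                     { printf "%s exposed\n",   $1 }
    ' "$1"
}

# Succeeds only if no account is exposed or has an empty password.
passwd_is_clean() {
    ! audit_passwd "$1" | grep -Eq ' (exposed|empty)$'
}

# Constructed sample data; the hash string is a made-up placeholder.
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
rfg:x:501:100::/home/rfg:/bin/bash
olduser:abJnggxhB/yWI:502:100::/home/olduser:/bin/bash
guest::503:100::/home/guest:/bin/bash
ftp:*:14:50:FTP User:/home/ftp:
EOF
}

# Demonstration run on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
audit_passwd "$sample"
if passwd_is_clean "$sample"; then
    echo "OK: every account is shadowed or locked"
else
    echo "WARNING: hashes or empty passwords present in the passwd file"
fi
rm -f "$sample"
```

On a real system, call audit_passwd /etc/passwd; an "exposed" entry means that account's hash has not been moved to the shadow file.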