- Newsgroups: alt.security
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!The-Star.honeywell.com!umn.edu!news.cs.indiana.edu!mvanheyn@silky.cs.indiana.edu
- From: Marc VanHeyningen <mvanheyn@silky.cs.indiana.edu>
- Subject: Re: passwd security check
- Message-ID: <1992Jul25.001141.10256@news.cs.indiana.edu>
- X-Quoted: 52%
- Reply-To: mvanheyn@whale.cs.indiana.edu
- Organization: Computer Science Dept, Indiana University
- References: <1992Jul22.190827.30077@iitmax.iit.edu> <1992Jul23.113410.25479@jarvis.csri.toronto.edu>
- Date: Sat, 25 Jul 1992 00:11:36 -0500
- Lines: 24
-
- Thus said flaps@dgp.toronto.edu (Alan J Rosenthal):
- >technews@iitmax.iit.edu (Kevin Kadow) writes:
- >>Can somebody point me to a program that will do a security "audit" on the passwd
- >>file, e.g. reporting (either in a file or as e-mail to the concerned parties)
- >>when 2 or more accounts have the same password, and other "holes" that would
- >>not be found by crack?
- >
- >apart from the big security problem others have pointed out, you can't do this
- >without cracking the two individual passwords anyway, unless they were
- >encrypted with the same salt (if the randomization is good, just one chance
- >in 4096).
-
- Of course, it would be easy to do it with a fascist passwd program.
- Just have it check the given password against all the ones in the file,
- and if it matches, it prints a message saying "Sorry, that is the same
- as the password for user flaps." That way, people wouldn't use the same
- passwords, and security would be increased.
-
- (Oh yeah, :-)
- --
- Marc VanHeyningen mvanheyn@whale.cs.indiana.edu MIME accepted
-
- "James equal frothy DNA" "Joyful Qatar headsmen."
- - my favorite anagrams of "James Danforth Quayle"
-
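Added example, not part of the original post: a passwd audit that reports accounts with identical hash fields without cracking anything, showing the quoted point that a shared password is only visible when the two entries also share a salt. `toy_crypt` is a labelled stand-in for crypt(3) (salted SHA-256, not the DES algorithm), and all function names and sample entries are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Traditional crypt(3) salts are two characters from this 64-symbol alphabet.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_SPACE = len(SALT_ALPHABET) ** 2  # 64 * 64 = 4096 possible salts


def toy_crypt(password, salt):
    """Stand-in for crypt(3): same field layout (2-char salt + 11 chars),
    but salted SHA-256 instead of the real DES-based algorithm."""
    digest = hashlib.sha256((salt + password).encode()).digest()
    return salt + "".join(SALT_ALPHABET[b % 64] for b in digest[:11])


def parse_passwd(text):
    """Yield (user, hash_field) for entries carrying a 13-char hash."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or len(fields[1]) != 13:
            continue  # malformed line, locked ("*") or empty password field
        yield fields[0], fields[1]


def shared_hashes(text):
    """Return groups of users whose hash fields are byte-identical,
    i.e. same salt AND same password. No password guessing is done."""
    groups = defaultdict(list)
    for user, field in parse_passwd(text):
        groups[field].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def build_sample():
    """Constructed passwd file: (user, salt, password) chosen by hand."""
    entries = [("alice", "ab", "tr0ub4dor"), ("bob", "Xy", "tr0ub4dor"),
               ("carol", "Q/", "hunter2"), ("dave", "Q/", "hunter2"),
               ("erin", "Q/", "different")]
    lines = ["%s:%s:100:10::/home/%s:/bin/sh" % (u, toy_crypt(p, s), u)
             for u, s, p in entries]
    lines.append("guest:*:101:10::/home/guest:/bin/sh")
    return "\n".join(lines)


if __name__ == "__main__":
    # alice and bob share a password but not a salt, so only carol/dave appear.
    print(shared_hashes(build_sample()))
```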