From: Artur Pioro (arpi@uj.edu.pl)
Date: Thu Jul 25 2002 - 08:03:59 EDT
Hello,
I suspect that users on my system do have silly passwords (which may
be guessed for example with knowledge of their personal details --
family, birth dates and so on). Since user account security is rather
crucial within this system I would like to check them. It would not be
problem in case of standard /etc/passwd. However this system runs in
trusted mode and keeps passwords in files under /tcb/files/auth/*. As
root I am able to read these files, extract u_pwd fields, and put them
into standard passwd format to use crack on them. However I fear, that
not only the place of encrypted passwords is changed, but also
encoding algorithm (to allow longer passwords) and crack I use (c50a)
will not work (at least without digging in it's encryption
method). What is worse I wont learn about it -- it simply will not
reveal any passwords even if the are crackable...
So my question is:
- Do you know if c50a standard algorithm (I believe that it is taken
from libdes) is compatible with trusted mode passwords (HP-UX 11).
- If not -- Do you know about any encryption -- plugin for that
algorithm. I can't run crack in mode which uses HP-UX system
library, since I can run it only on different system (Solaris).
- Is there any other way do it (something different than, old
well-known Alec Muffett's crack)?
Regards,
-- Artur Pioro
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:16 EDT