From: Artur Pioro (arpi@uj.edu.pl)
Date: Mon Jul 29 2002 - 14:51:16 EDT
Sorry for the delay,
I was bit busy cracking :) and writing my security-audit report...
Here is what I learned from you:
- Trusted password are encrypted with same (crypt) algorithm,
as passwords which are kept in /etc/passwd,
- Trusted password may be longer, so is their coded form.
- It is possible to "crack" first 8 characters simply removing part of
encrypted string.
- System, which is "untrusted" copies passwords back to /etc/passwd.
I also learned about HP utility "PWplus" which pro-actively keeps users
from setting easy to crack passwords.
I'd like to thank
AVGOUSTAKIS,DIMITRI (HP-Belgium,ex1)" <dimitri_avgoustakis@hp.com>
"Lodge, David" <David.Lodge@capitalone.com>
"Wolf-Dietrich Schmook" <Wolf-Dietrich_Schmook@notes.ctc.de>
Eef Hartman <hartman@dutita3.twi.tudelft.nl>
"V. T. Mueller" <V.T.Mueller@continum.net>
for their prompt responses.
Regards,
-- Artur Pioro
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:17 EDT