Re: Users Password

Andy Tsouladze wrote:

> On Sun, 30 Aug 1998, Stanislav Malyshev a.k.a Frodo wrote:
>
> > On Sun, 30 Aug 1998, Ben - Nes Michael wrote:
> >
> > > Because I switch to other authentication system I need to get back all
> > > my users' encrypted passwords from the passwd file (I'm talking about a
> > > thousand + - ).
> > > If I'll have to call each one of them I'll probably die :-(
> >
> > You mean *un*encrypted password, right? Because encrypted ones are already
> > there. Well, basically you have a big problem. Real one. UNIX password
> > scheme is designed to be irreversible,

not true, it is irreversible but you need plenty of time and a 1 GB
password file... (a strong machine will help :))

> > and it is. You may try running
> > Crack on your password file, but if it succeeds - you are in a big problem
> > here too, because you have weak passwords and are ready to fall prey to
> > first lazy teenager which has some spare time to spend before entering
> > IDF.
>

well sure, passwd files are crackable, and anyone with a lot of spare
time, and I do mean A LOT, can crack them down. I just want to explain
that ISPs do not usually select passwords for the users; the user that
selects it sometimes uses something as simple as 1234, so you can't really
control it unless you give random passwords, which means an even bigger
problem when a user forgets his password and bugs you :D

the bigger issue here is not weak passwds, more like getting passwd files,
but that's out of subject because it is not related to the problem, so I
will stop this subject before it gets any bigger :D

> for wordlists :) http://www.genocide2600.com/~tattooman/wordlists/



> Just take a sniffer, install it on your system and run for a few days. It
> will log cleartext passwords in a file.
> If you do not have one, I guess I can find something in my archives.
>

sniffers are available in:
http://www.genocide2600.com/~tattooman/scanners-sniffers/
however I do not recommend sniffers, because if a user found out it can
cost you....

> As to cracking, John The Ripper is much stronger and faster than
> Crack.
>

hmmm, crackers are a controversial subject, everyone has his favorite for
some reason or another :D
http://www.genocide2600.com/~tattooman/passwd-crackers/

Peleg Samson, UniqTech Security.