*BSD News Article 10782


Return to BSD News archive

Received: by minnie.vk1xwt.ampr.org with NNTP
	id AA665 ; Sat, 06 Feb 93 19:00:23 EST
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!uwm.edu!cs.utexas.edu!swrinde!gatech!emory!sol.ctr.columbia.edu!eff!enterpoop.mit.edu!ai-lab!hal.gnu.ai.mit.edu!mycroft
From: mycroft@hal.gnu.ai.mit.edu (Charles Hannum)
Newsgroups: comp.unix.bsd
Subject: Re: *Big* security leak for users w/o crypt.
Date: 4 Feb 1993 18:28:20 GMT
Organization: /etc/organization
Lines: 12
Message-ID: <1krn84INNf40@life.ai.mit.edu>
References: <1kmcqrINN4l@encap.hanse.de> <CGD.93Feb3180816@eden.CS.Berkeley.EDU>
NNTP-Posting-Host: hal.ai.mit.edu


I just changed all the `*'s to my root password.

I've been thinking about changing to a convention of using, say, `**'
as the `salt' to indicate that the rest of the password is unencrypted.
This would allow upward-compatibility with versions of programs which
actually use crypt(), and would avoid a clash with `*'.

-- 
 \  /   Charles Hannum, mycroft@ai.mit.edu
 /\ \   PGP public key available on request.  MIME, AMS, NextMail accepted.
Scheme  White heterosexual atheist male (WHAM) pride!