Received: by minnie.vk1xwt.ampr.org with NNTP id AA699 ; Sat, 06 Feb 93 22:01:31 EST
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!clark!serval!news.u.washington.edu!usenet.coe.montana.edu!saimiri.primate.wisc.edu!sdd.hp.com!swrinde!cs.utexas.edu!geraldo.cc.utexas.edu!geraldo.cc.utexas.edu!usenet
From: vax@ccwf.cc.utexas.edu (Vax)
Newsgroups: comp.unix.bsd
Subject: Re: *Big* security leak for users w/o crypt.
Date: 5 Feb 1993 07:31:51 GMT
Organization: The University of Texas at Austin, Austin TX
Lines: 19
Message-ID: <1kt557INN2mp@geraldo.cc.utexas.edu>
References: <1kmcqrINN4l@encap.hanse.de> <1kshqiINN3gv@stimpy.css.itd.umich.edu>
NNTP-Posting-Host: sylvester.cc.utexas.edu

In article <1kshqiINN3gv@stimpy.css.itd.umich.edu> pauls@css.itd.umich.edu (Paul Southworth) writes:
>In article <1kmcqrINN4l@encap.hanse.de> maverick@encap.hanse.de (Jan-Oliver Neumann) writes:
>
>Maybe this is an ignorant comment, but since the * is the password, and
>*with* DES these accounts can be accessed via an su by a process like
>cron running with uid 0 (thereby bypassing the need for a password with
>the su) one could just as easily change the password to something other
>than *, right?
>
Hmm. Or you could get a crypt that doesn't use DES, like I think Coherent
uses a rotor-machine algorithm. They are fairly secure, even though the
Enigma was broken during WWII it should still serve against casual
intruders. Or make something similar. It shouldn't be too hard. It's not
like you will keep out a guru or cryptographer anyway. Depends on how much
security you need.
--
Protect our endangered bandwidth - reply by email. NO BIG SIGS!
VaX#n8 vax@ccwf.cc.utexas.edu - finger for more info if you even care.