Multiple Root ID's considered evil?
Bob McGowen Wyse Technology Training
bob at wyse.wyse.com
Wed Sep 20 08:18:42 AEST 1989
In article <14617 at haddock.ima.isc.com> kencr at haddock.ima.isc.com (Kenny Crudup) writes:
>From article <435 at lxn.eds.com>, by bill at lxn.eds.com (Bill Doviak):
>> After checking both PASSWD(4) and PASSWD(1), I can't determine the signifcance
>> of an asterisk in the password field unless you wish to prevent logins
---deleted---
>One day while bored at work, I got out a piece of paper and traced back
>the DES crypt routine for some popular combinations of salt/key. If
>anyone is intrested, I have the passwords that make *, x, X, and 13 X's
>and 13 x's work. Send me E-mail.
>
I was under the impression (I do not remember from which document) that
an encrypted password would "ALWAYS" be 13 characters, which would imply
that *, x and X would never be generated and would therefore be totally
safe. Is this wrong or am I missing some other information that isn't
in the docs?
Also, under XENIX the asterix has been replaced with NO LOGIN, which
certainly tells what is intended and is not equal to 13 characters. Is
there any inherent danger in using this?
Thanks.
Bob McGowan (standard disclaimer, these are my own ...)
Customer Education, Wyse Technology, San Jose, CA
..!uunet!wyse!bob
bob at wyse.com
More information about the Comp.unix.wizards
mailing list