[Gllug] SSH is Not Secure!
Tom Gilbert
tom at linuxbrit.co.uk
Tue Jul 24 21:20:00 UTC 2001
* Nix (nix at esperi.demon.co.uk) wrote:
> On Tue, 24 Jul 2001, Alex Hudson said:
> > How many people around here are going to own up to having
> > two-character-or-less passwords??
>
> It's the crypted form that the problem arises with, so this means that
> starred-out accounts are vulnerable.
That doesn't make sense to me - the bug is in the decrypting of the
password and the existence of the salt characters - the * in a starred
out account takes no part in the decryption process, it's there
uncrypted - and the check for a *'d out account is done before any
crypted comparisons take place.
Tom.
--
.^. .-------------------------------------------------------.
/V\ | Tom Gilbert, London, England | http://linuxbrit.co.uk |
/( )\ | Open Source/UNIX consultant | tom at linuxbrit.co.uk |
^^-^^ `-------------------------------------------------------'
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug