[Gllug] SSH is Not Secure!

Tom Gilbert tom at linuxbrit.co.uk
Tue Jul 24 21:20:00 UTC 2001


* Nix (nix at esperi.demon.co.uk) wrote:
> On Tue, 24 Jul 2001, Alex Hudson said:
> > How many people around here are going to own up to having
> > two-character-or-less passwords??
> 
> It's the crypted form that the problem arises with, so this means that
> starred-out accounts are vulnerable.

That doesn't make sense to me - the bug is in the decrypting of the
password and the existence of the salt characters - the * in a starred
out account takes no part in the decryption process, it's there
uncrypted - and the check for a *'d out account is done before any
crypted comparisons take place.

Tom.
-- 
   .^.    .-------------------------------------------------------.
   /V\    | Tom Gilbert, London, England | http://linuxbrit.co.uk |
 /(   )\  | Open Source/UNIX consultant  | tom at linuxbrit.co.uk    |
  ^^-^^   `-------------------------------------------------------'

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug