[Gllug] SSH is Not Secure!
Nix
nix at esperi.demon.co.uk
Tue Jul 24 22:52:16 UTC 2001
On Tue, 24 Jul 2001, Tom Gilbert yowled:
> * Nix (nix at esperi.demon.co.uk) wrote:
>> It's the crypted form that the problem arises with, so this means that
>> starred-out accounts are vulnerable.
>
> That doesn't make sense to me - the bug is in the decrytping of the
> password and the existance of the salt characters - the * in a starred
> out account takes no part in the decryption process, it's there
> uncrypted - and the check for a *'d out account is done before any
> crypted comparisons take place.
Oh. If that's the case I must have misunderstood the bugtraq thread :(
My apologies.
--
`It's all about bossing computers around. Users have to say "please".
Programmers get to say "do what I want NOW or the hard disk gets it".'
-- Richard Heathfield on the nature of programming
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list