Re: Decrypt Unix Password File

["Douglas R. Floyd" <dfloyd@IO.COM>]

> 
> On Tue, 23 Jul 1996, Dr.Dimitri Vulis KOTM wrote:
> > Jerome Tan <jti@i-manila.com.ph> writes:
> > > How can I decrypt Unix password file?
> > There are many programs that do this, e.g., look for 'crack'.
> > This attack can be made more difficult if you force your users not to use
> > easy-to-guess passwords, and if you use something like NIS and shadowing to
> > make the public part of the passwords harder to get.
> 
>      From my conversations with Mr. Tan, he seems to be a high school 
> bent of mischeif. He is the one who asked about penetating firewalls, 
> and now wants to know how to hack a unix passwd file. 
> 
>      Now, I am not philosophically opposed to hacking, unless you are doing
> it to a machine that I am responsible for, (in which case you'd better hope
> the FBI finds you before I do) but I don't think that it would be a good 
> idea to just give him the information. He would wind up getting caught all 
> too easily, and might point to this list as a source of information on 
> cracking techniques. 

Just what they want, anyway -- make cypherpunks look like villins.

> 
>      I don't know if this should go to the whole list, so you can 
> bounce it there if you think it proper.

I think you used your judgement well in this case.

There are many places to start learning about firewalls and UNIX security.
I recommend the _Building Internet Firewalls_ O'reilly book, as well as
_Practical UNIX & Internet Security_ as well.  I don't feel right about
spoon feeding cracking info to someone like this.

(PS:  The animal on the _Building Internet Firewalls_ book is hidden
behind the gates.  It is a Trojan Horse.  I heard this secondhand.)

> 
> Petro, Christopher C.
> petro@suba.com <prefered for any non-list stuff>
> snow@smoke.suba.com
>