Return to BSD News archive
Received: by minnie.vk1xwt.ampr.org with NNTP id AA665 ; Sat, 06 Feb 93 19:00:23 EST Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!uwm.edu!cs.utexas.edu!swrinde!gatech!emory!sol.ctr.columbia.edu!eff!enterpoop.mit.edu!ai-lab!hal.gnu.ai.mit.edu!mycroft From: mycroft@hal.gnu.ai.mit.edu (Charles Hannum) Newsgroups: comp.unix.bsd Subject: Re: *Big* security leak for users w/o crypt. Date: 4 Feb 1993 18:28:20 GMT Organization: /etc/organization Lines: 12 Message-ID: <1krn84INNf40@life.ai.mit.edu> References: <1kmcqrINN4l@encap.hanse.de> <CGD.93Feb3180816@eden.CS.Berkeley.EDU> NNTP-Posting-Host: hal.ai.mit.edu I just changed all the `*'s to my root password. I've been thinking about changing to a convention of using, say, `**' as the `salt' to indicate that the rest of the password is unencrypted. This would allow upward-compatibility with versions of programs which actually use crypt(), and would avoid a clash with `*'. -- \ / Charles Hannum, mycroft@ai.mit.edu /\ \ PGP public key available on request. MIME, AMS, NextMail accepted. Scheme White heterosexual atheist male (WHAM) pride!