On Tue, 23 Jul 1996, Dr.Dimitri Vulis KOTM wrote:
Jerome Tan <jti@i-manila.com.ph> writes:
How can I decrypt Unix password file? There are many programs that do this, e.g., look for 'crack'. This attack can be made more difficult if you force your users not to use easy-to-guess passwords, and if you use something like NIS and shadowing to make the public part of the passwords harder to get.
From my conversations with Mr. Tan, he seems to be a high school bent of mischeif. He is the one who asked about penetating firewalls, and now wants to know how to hack a unix passwd file.
Now, I am not philosophically opposed to hacking, unless you are doing it to a machine that I am responsible for, (in which case you'd better hope the FBI finds you before I do) but I don't think that it would be a good idea to just give him the information. He would wind up getting caught all too easily, and might point to this list as a source of information on cracking techniques.
Just what they want, anyway -- make cypherpunks look like villins.
I don't know if this should go to the whole list, so you can bounce it there if you think it proper.
I think you used your judgement well in this case. There are many places to start learning about firewalls and UNIX security. I recommend the _Building Internet Firewalls_ O'reilly book, as well as _Practical UNIX & Internet Security_ as well. I don't feel right about spoon feeding cracking info to someone like this. (PS: The animal on the _Building Internet Firewalls_ book is hidden behind the gates. It is a Trojan Horse. I heard this secondhand.)
Petro, Christopher C. petro@suba.com <prefered for any non-list stuff> snow@smoke.suba.com