[TUHS] Recovered /etc/passwd files
athornton at gmail.com
Thu Oct 10 08:05:29 AEST 2019
It is, if nothing else, a nice example of Moore's Law.

Here's a thing on the distribution tape (at least, I assume it was; happy
to be wrong here) but which was assumed to be fundamentally safe, because
it was computationally infeasible to rainbow-table the hash...so why not
leave your real password hash on the images you gave to the world?

40 years later, it's obviously within the reach of hobbyists spending, I
presume, essentially zero dollars to do the computational work (at least, I
hope no one sunk more than a few bucks on doing it).

...which is why we went to salted passwords, and shadow pw files that hid
the hashes while leaving the other fields available to all users, and more
secure and longer hashes than original crypt(1), quite some time ago.

In fact there's an interesting little essay about the history of that arms
race up until about 33 years ago in the 1986 Unix System Manager's Manual,
Section 18. It's by two guys named Morris and Thompson.

On Wed, Oct 9, 2019 at 2:16 PM Arthur Krewat <krewat at kilonet.net> wrote:
> On 10/9/2019 5:09 PM, Warner Losh wrote:
> > Only if he still uses it for online banking... :)