I haven't seen this mentioned here before, but it looks like the people playing with the iOpener (effectively a $99 PC once you bypass a few hurdles set up by the manufacturer) have managed to reverse the QNX version of crypt(), which is a homebrew (and insecure) algorithm rather than a real crypt(). Source code is at http://i-opener-linux.net/decrypt. The iOpener discussion board, http://www.kenseglerdesigns.com/cgi-bin/UltraBoard/ \ UltraBoard.pl?Action=ShowPost&Board=technical&Post=481 has a number of messages in which people are posting (nontrivial) QNX root passwords (things like 'osiw$6.4' and 'e0FGglvv', ie not ones which are been brute-forced). Pretty much every QNX system, not just the iOpener, would be vulnerable to this. Ouch. Peter.
