On Tue, 18 Aug 1998, George Bonser wrote:
> On Wed, 19 Aug 1998, Michael Beattie wrote:
>
> > 2) obtain by whatever method, the hashed/encrypted/whatever password from
> > /etc/shadow.
> >
>
> Stop right there. Since /etc/shadow is readable only by root, if you can
> access the file, you must be root .... right? If you are root, you do not
> NEED a password to access a user's account. You can just become that user.
> You can also create your own user accounts. You can also change the root
> and user passwords or delete the passwords.
>
> In other words ... the whole point is to protect root and keep /etc/shadow
> readable only by root. If you can read the shadow file, you don't need it.
Okay, true, but it was more of a feasability question, "if you can get the
string, is it possible to use the following method to decrypt it??"
Michael Beattie ([EMAIL PROTECTED])
PGP Key available, reply with "pgpkey" as subject.
-----------------------------------------------------------------------------
There is no snooze button on a cat who wants breakfast.
-----------------------------------------------------------------------------
Debian GNU/Linux.... Ooohh You are missing out!
