Re: Re: [ilug-cal] Hacking root password

[suvoraj biswas]

If the hacker be good in GNU/C\C++ programming, and knows the MD5 
algorithm then he can easily create a decryption program and so 
easily can get the root password. So, in that sense, GRUB is also 
insecure.So, I think there should be several encryption algorithms 
and the installer should ask the user to choose from this 
list.Then the hacker can't guess which decryption technique to 
use, though it is very troublesome. Isn't it?
Any comments plz!!
                    -Suvoraj



On Sun, 09 Mar 2003 Sumeet Madhukar Moghe wrote :
On Sun, 2003-03-09 at 03:58, Kaushik Ghose wrote:
> Hi,
> I disagree with the point that lilo is worse than grub because 
of this.
> changing permissions on /etc/lilio.conf resolves this issue.
> RH8.0 at least comes with default root only rw permission for 
lilio.conf
Well wrong again. LILO stores the password in lilo.conf without 
any
encryption. GRUB, on the other hand allows MD5 encryption of 
the
password placed in grub.conf. Hence, even if grub.conf is 
readable, no
one can read the password.
> -kg
/Sumeet
--
-----------------------------------------------------------------------
Sumeet Madhukar Moghe         | 
mailto:[EMAIL PROTECTED]
C/O Mr PK Das, Ghola C Block, | Phone:+ 91 - 33 - 2595 1420
Opposite Checkpost, Sodepur,  |       + 91 - 33 - 2565 7575
Calcutta 700 110 - INDIA      |
Download PGP Pub Key   
http://www.geocities.com/flame_boy_81/pubkey.zip
-----------------------------------------------------------------------

The test of intelligent tinkering is to save all the parts.
                -- Aldo Leopold
--
To unsubscribe, send mail to [EMAIL PROTECTED] with the 
body
"unsubscribe ilug-cal" and an empty subject line.
FAQ: http://www.ilug-cal.org/node.php?id=3


--
To unsubscribe, send mail to [EMAIL PROTECTED] with the body
"unsubscribe ilug-cal" and an empty subject line.
FAQ: http://www.ilug-cal.org/node.php?id=3