> Your example only works if you are actually on the box already.
> Sort of silly really.

It was meant to be silly. It was meant to be silly and highlight that breaking into a Solaris system can happen in the stupidest ways possible.

> Also, I always edit /etc/security/policy.conf to use MD5 hashes in the
> /etc/shadow so even if someone were to gain access to the hard drive they
> would have a super tough time getting a valid password. Once they do, they
> are stuck with key exchange access anyways.

I have to disappoint you again: MD5 has been broken and can no longer be considered safe:

"In 2004, more serious flaws were discovered making further use of the algorithm for security purposes questionable."
http://en.wikipedia.org/wiki/MD5

"In this paper, we present an improved attack algorithm to find two-block collisions of the hash function MD5. The attack uses the same differential path of MD5 and the set of sufficient conditions that was presented by Wang et al. We present a new technique which allows us to deterministically fulfill restrictions to properly rotate the differentials in the first round. We will present a new algorithm to find the first block and we will use an algorithm of Klima to find the second block."
http://www.win.tue.nl/hashclash/fastcoll.pdf

Since you're good at math, reading that paper up there should be right up your alley.

> So .. I feel better about Solaris and its hack-ability. Not worse.

Still?

This message posted from opensolaris.org
opensolaris-discuss mailing list
