Found, a new rootkit
Jeff Vian
jvian10 at charter.net
Wed Apr 5 14:39:09 UTC 2006
On Wed, 2006-04-05 at 21:17 +0800, John Summerfied wrote:
> Les Mikesell wrote:
> > On Tue, 2006-04-04 at 23:04, Mikkel L. Ellertson wrote:
> >
>
> >>You keep copies of the old encrypted passwords around, and compare
> >>the new one to them. If they match, reject the password. After all,
> >>you do that to the current one every time someone tries to log in.
>
> Create a test account, fred.
> Set fred's password to, say, derf.
> Take a note of the encrypted password.
> Change Fred's password to derf.
> Compare with the previous encrypted password. Are they the same?
>
Probably not if you simply do a new encryption as a new password. The
'salt' will be different and thus the encrypted string will be
different.
In fact I just tested it, and even though the password was the same
twice, the encrypted result was different.
However, note one thing.
When a user is logging in, to test the password the system reads the
encrypted password and uses the salt found there to encrypt the given
password before comparing. Thus any comparison with an encrypted
password is done using the embedded salt and the resulting encryption
string will be the same if the password is the same.
Saving an old encrypted password and comparing it to the new password
would thus reveal they are identical in your example even though the
encrypted string in /etc/shadow would be different than the saved one if
it were allowed.
Just my $.02
>
>
>
> --
>
> Cheers
> John
>
> -- spambait
> 1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
> Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
>
> do not reply off-list
>
More information about the fedora-list
mailing list