Bugtraq mailing list archives
Re: Write-only devices (Was read only devices)
From: banz () nolimit110 com (Robert Banz)
Date: Fri, 28 Jun 1996 11:42:59 -0400
On Thu, 27 Jun 1996 aleipold () clark net wrote:
I think you should log more than just valid usernames. In logging code I wrote once I logged all usernames that had one of the following characteristics:

- existing user
- only alphanumeric characters, starting with an alpha

While that may still log passwords, it only logs weak passwords.

Take it a step further. In messing around with sources to daemons I figured the best way to do this would be: (note, don't do this on a system with lots of accounts). I knew that a computer (586) can do about 1200 crypts per second. So then I:

    while (accountsleft)
    oops=crypt(words,salt[a-z]);
    if oops=rightpassword then don't syslogit
    otherwise: syslog("oops...");

Wouldn't work if you're using a system with either 13000 users or using some other method of authentication for logins (such as kerberos). Hence, it's a really good idea(tm) for your syslog to be readable only by root, or a certain 'special' group of people. (Also good to let your users know that they should read before they type, but you know how much good that does.)
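The two defensive points in this message, as an added example that is not part of the original post or of any daemon mentioned in the thread: a failed-login logger that records the typed name only when it matches an existing account (stricter than the alphanumeric heuristic quoted above), and a check that the log file's mode grants nothing to "other". The account list, function names and message text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Constructed sample accounts; a real daemon would ask getpwnam(3). */
static const char *const sample_accounts[] = { "root", "banz", "alice" };

static int account_exists(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof sample_accounts / sizeof sample_accounts[0]; i++)
        if (strcmp(name, sample_accounts[i]) == 0)
            return 1;
    return 0;
}

/* Build the log text for a failed login. The typed name is copied only when
 * it is an existing account; anything else may be a password typed at the
 * login prompt, so it is withheld. Returns 1 if logged verbatim, else 0. */
int failed_login_message(const char *typed, char *out, size_t outlen)
{
    if (account_exists(typed)) {
        snprintf(out, outlen, "failed login for %s", typed);
        return 1;
    }
    snprintf(out, outlen, "failed login for unknown user (name withheld)");
    return 0;
}

/* Returns 1 when the mode grants nothing to "other": root, or root plus one
 * trusted group, can read the log, but ordinary users cannot. */
int log_mode_is_restricted(mode_t mode)
{
    return (mode & S_IRWXO) == 0;
}

int main(void)
{
    char line[128];
    failed_login_message("banz", line, sizeof line);
    puts(line);
    failed_login_message("s3cretPassw0rd", line, sizeof line); /* constructed */
    puts(line);
    printf("0640 ok: %d, 0644 ok: %d\n",
           log_mode_is_restricted(0640), log_mode_is_restricted(0644));
    return 0;
}
```

The existing-account lookup costs one table or passwd query per attempt, so it does not depend on local crypt() hashes or on the number of accounts.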