Security Incidents mailing list archives
Re: 33 character encrypted passwords in /etc/shadow
From: Ben Boulanger <ben () blackavar com>
Date: Fri, 28 Jun 2002 12:08:10 -0400 (EDT)
On Thu, 27 Jun 2002, Mike Denka wrote:
Suddenly I'm seeing a few 33 character encrypted passwords showing up in my /etc/shadow files on several Linux machines. And on at least one of them, some of us whose entries have inexplicably changed from 13 characters to 34 characters can no longer ssh in. First, has anyone heard of any kind of rootkit or other intrusion that has this symptom? Second, what's the easiest way to get a known good md5sum of a linux distribution binary like /usr/sbin/passwd? Solaris has a nice web site that will accept an md5sum and spit out the binary that matches it. Any quick and easy way to do the same for various redhat distributions?
The 34(maybe 33?) character password is RedHat's (possibly all linux's) new password encryption. Not sure if it's still crypt or what, but it's legit. The fastest way to verify changes to files in an rpm is with a command like: rpm -qas | grep -v ^normal This queries all installed RPMs, and shows you the state of each file. The -v ^normal yanks the files that haven't changed out of STDOUT for you. Ben -- Flies never visit an egg that has no crack. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- 33 character encrypted passwords in /etc/shadow Mike Denka (Jun 28)
- Re: 33 character encrypted passwords in /etc/shadow zeno (Jun 28)
- Re: 33 character encrypted passwords in /etc/shadow Ben Boulanger (Jun 28)
- Re: 33 character encrypted passwords in /etc/shadow Stephen Smoogen (Jun 28)
- <Possible follow-ups>
- FW: 33 character encrypted passwords in /etc/shadow Mike Denka (Jun 28)
- Re: FW: 33 character encrypted passwords in /etc/shadow Paul Gear (Jun 29)