Bugtraq mailing list archives

Re: Write-only devices (Was read only devices)


From: aleipold () clark net (aleipold () clark net)
Date: Thu, 27 Jun 1996 17:50:52 -0400


I think you should log more than just valid usernames.  In logging code
I wrote once I logged all usernames that had one of the following
characteristics:
        - existing user
        - only alphanumeric characters, starting with an alpha

While that may still log passwords, it only logs weak passwords.


        Take it a step further. In messing around with sources to daemons
I figured the best way to do this would be: (note, don't do this on a system
with lots of accounts). I knew that a computer (586) can do about 1200
crypts per second. So then I:

while (accountsleft)
oops=crypt(words,salt[a-z]);
if oops=rightpassword then don't syslogit
otherwise:
syslog("oops...");
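
The two filtering rules discussed in this message, side by side, as an added example that is not part of the original post. PBKDF2 from hashlib stands in for crypt(3) so the block runs anywhere, and the account table, salts, passwords and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import re

def hash_pw(word: str, salt: bytes) -> bytes:
    # Stand-in for crypt(3): PBKDF2-HMAC-SHA256, so the block runs anywhere.
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 1000)

def make_accounts(pairs):
    # Constructed account table: name -> (salt, stored hash).
    accounts = {}
    for i, (name, password) in enumerate(pairs):
        salt = f"salt{i:02d}".encode()  # fixed demo salts, not random
        accounts[name] = (salt, hash_pw(password, salt))
    return accounts

# Constructed sample accounts and passwords.
ACCOUNTS = make_accounts(
    [("alice", "Tr0ub4dor&3"), ("bob", "hunter2"), ("carol", "letmein")])

ALNUM = re.compile(r"[A-Za-z][A-Za-z0-9]*")

def alnum_rule(typed: str, accounts) -> bool:
    """First rule: log existing users and alphanumeric strings starting with a letter."""
    return typed in accounts or ALNUM.fullmatch(typed) is not None

def is_some_password(typed: str, accounts) -> bool:
    """Hash the typed string under every account's salt and compare."""
    hit = False
    for salt, stored in accounts.values():
        # One hash per account per failed login: cost grows with the table.
        hit |= hmac.compare_digest(hash_pw(typed, salt), stored)
    return hit

def hash_rule(typed: str, accounts) -> bool:
    """Second rule: log the string unless it is some account's password."""
    if typed in accounts:  # assumption: a valid username is always loggable
        return True
    return not is_some_password(typed, accounts)

def log_line(typed: str, accounts, rule) -> str:
    shown = typed if rule(typed, accounts) else "<withheld>"
    return f"failed login for {shown!r}"

if __name__ == "__main__":
    for typed in ("alice", "mallory", "hunter2", "Tr0ub4dor&3", "root;x"):
        print(log_line(typed, ACCOUNTS, alnum_rule), "|", log_line(typed, ACCOUNTS, hash_rule))
```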


