[TUHS] Recovered /etc/passwd files

Steffen Nurpmeso steffen at sdaoden.eu
Thu Oct 10 09:28:10 AEST 2019


Adam Thornton wrote in <CAP2nic2g47RBxDhyvrDBSLSnd6j_bNeSfzkWhOShEFFpWMR\
hKA at mail.gmail.com>:
 |It is, if nothing else, a nice example of Moore's Law.
 |
 |Here's a thing on the distribution tape (at least, I assume it was; \
 |happy to be wrong here) but which was assumed to be fundamentally safe, \
 |because it was computationally infeasible to rainbow-table the 
 |hash...so why not leave your real password hash on the images you gave \
 |to the world?
 |
 |40 years later, it's obviously within the reach of hobbyists spending, \
 |I presume, essentially zero dollars to do the computational work (at \
 |least, I hope no one sunk more than a few bucks on doing it).

Solar cells are costly.
No, please do not say zero xy when you are using electronics.
They are anything else but zero cost, not when their resources are
captured, not when they or their assembly lines are built, not when
they are shipped, not when they are used.

Sorry if i bug you, but this day Nobel Prizes were given to
people who improved batteries.  Batteries are ok, but we just
started the next race for rare earth and resources, instead of
looking to a really sustainable future.

 |...which is why we went to salted passwords, and shadow pw files that \
 |hid the hashes while leaving the other fields available to all users, \
 |and more secure and longer hashes than original crypt(1), quite 
 |some time ago.
 |
 |In fact there's an interesting little essay about the history of that \
 |arms race up until about 33 years ago in the 1986 Unix System Manager's \
 |Manual, Section 18.  It's by two guys named Morris and 
 |Thompson.

After i have given up on being smart and started to use very long
passwords, entire sentences when i have to type them,

  dd if=/dev/urandom bs=1 count=512 |
  LC_ALL=C tr -cd 'a-zA-Z0-9_.,=@%^+-'

otherwise, i am now in the position to nag web and other
interfaces here and there which restrict password lengths to 8 or
so, and/or which restrict the allowed content.
Now in public.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
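
Added example, not part of the original message: the dd | tr pipeline above emits a variable number of characters, because tr discards every byte outside the set. This sh function keeps the same source and the same character set but returns exactly the requested length. The names genpw and PW_CHARSET and the default length of 32 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# genpw LENGTH: print exactly LENGTH characters drawn from the post's
# character set, followed by a newline.

# Same tr set as in the post: 26 + 26 + 10 + 9 punctuation = 71 characters.
PW_CHARSET='a-zA-Z0-9_.,=@%^+-'

genpw() {
    want=${1:-32}    # default length is an assumption of this example
    case $want in
        ''|*[!0-9]*)
            echo "genpw: length must be a positive integer" >&2
            return 2 ;;
    esac
    [ "$want" -gt 0 ] || {
        echo "genpw: length must be a positive integer" >&2
        return 2
    }

    pw=
    while [ "${#pw}" -lt "$want" ]; do
        # tr -cd drops every byte outside the set instead of mapping it
        # into the set, so each kept character is uniform over the 71
        # symbols (rejection sampling, no modulo bias). On average about
        # 142 of every 512 random bytes survive, hence the loop.
        chunk=$(dd if=/dev/urandom bs=512 count=1 2>/dev/null |
                LC_ALL=C tr -cd "$PW_CHARSET") || return 1
        pw=$pw$chunk
    done

    # Trim the surplus so the caller gets exactly the requested length.
    printf '%s\n' "$pw" | cut -c1-"$want"
}

# Usage: genpw 40
```

Each character carries about 6.1 bits, so 40 characters give roughly 246 bits of entropy.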

