From: Steffen Nurpmeso
To: Adam Thornton
Date: Thu, 10 Oct 2019 01:28:10 +0200
Subject: Re: [TUHS] Recovered /etc/passwd files
Cc: tuhs@minnie.tuhs.org

Adam Thornton wrote in :
 |It is, if nothing else, a nice example of Moore's Law.
 |
 |Here's a thing on the distribution tape (at least, I assume it was;
 |happy to be wrong here) but which was assumed to be fundamentally safe,
 |because it was computationally infeasible to rainbow-table the
 |hash...so why not leave your real password hash on the images you gave
 |to the world?
 |
 |40 years later, it's obviously within the reach of hobbyists spending,
 |I presume, essentially zero dollars to do the computational work (at
 |least, I hope no one sunk more than a few bucks on doing it).

Solar cells are costly.  No, please do not say zero xy when you are
using electronics.  They are anything but zero cost, not when their
resources are captured, not when they or their assembly lines are
built, not when they are shipped, not when they are used.
Sorry if i bug you, but this day Nobel Prizes were given to people
who improved batteries.  Batteries are ok, but we just started the
next race for rare earth and resources, instead of looking to
a really sustainable future.

 |...which is why we went to salted passwords, and shadow pw files that
 |hid the hashes while leaving the other fields available to all users,
 |and more secure and longer hashes than original crypt(1), quite
 |some time ago.
 |
 |In fact there's an interesting little essay about the history of that
 |arms race up until about 33 years ago in the 1986 Unix System Manager's
 |Manual, Section 18.  It's by two guys named Morris and
 |Thompson.

After i have given up on being smart and started to use very long
passwords, entire sentences when i have to type them,

  dd if=/dev/urandom bs=1 count=512 | LC_ALL=C tr -cd 'a-zA-Z0-9_.,=@%^+-'

otherwise, i am now in the position to nag web and other interfaces
here and there which restrict password lengths to 8 or so, and/or
which restrict the allowed content.  Now in public.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)