The Unix Heritage Society mailing list
 help / color / Atom feed
* Re: [TUHS] Recovered /etc/passwd files
@ 2019-10-08 18:38 Norman Wilson
  2019-10-08 18:51 ` Arthur Krewat
  2019-10-08 20:52 ` Dave Horsfall
  0 siblings, 2 replies; 63+ messages in thread
From: Norman Wilson @ 2019-10-08 18:38 UTC (permalink / raw)
  To: tuhs

Back in the heyday of uucp, some sites were lazy and allowed
uucico access to any file in the file system (that was accessible
to the uucp user).  A common ploy for white hats and black hats
was to try
	uucp remotesys!/etc/passwd ~/remotesys
or the like, and see what came in and whether it had any easy
hashes (shadow password files didn't quite exist yet).

The system known to the uucp world as research! was more
careful: / was mapped to /usr/spool/uucp.  We left a phony
etc/passwd file there, containing plausible-looking entries
with hashes that, if cracked, spelled out

	why
	are
	you
	wasting
	your
	time

I don't remember whether anyone ever stole it by uucp, though
I think Bill Cheswick used it to set up the phony system
environment for Berferd to play in (Google for `cheswick berferd'
if you don't know the story).

Norman Wilson
Toronto ON

^ permalink raw reply	[flat|nested] 63+ messages in thread
* Re: [TUHS] Recovered /etc/passwd files
@ 2019-10-19 13:45 Norman Wilson
  2019-10-19 20:27 ` ewe2
  0 siblings, 1 reply; 63+ messages in thread
From: Norman Wilson @ 2019-10-19 13:45 UTC (permalink / raw)
  To: tuhs

I'm amused (in a good way) that this thread persists, and
without becoming boring.

Speaking as someone who was Ken's sysadmin for six years,
I find it hard to get upset over someone cracking a password
hash that has been out in the open for decades, using an
algorithm that became pragmatically unsafe slightly fewer
decades ago.  It really shouldn't be in use anywhere any
more anyway.  Were I still Ken's sysadmin I'd have leaned
on him to change it long ago.

So far as I know, my password from that era didn't escape
the Labs, but nevertheless I abandoned it long ago--when
I left the Labs myself, in fact.

I do have one password that has been unchanged since the
mid-1990s and is stored in heritage hash on a few computers
that don't even have /etc/shadow, but those are not public
systems.  And it's probably time I changed it anyway.

None of this is to excuse the creeps who steal passwords
these days, nor to promote complacency.  At the place I now
work we had a possible /etc/shadow exposure some years back,
and we reacted by pushing everyone to change their passwords
and also by taking various measures to keep even the hashes
better-hidden.  But there is, or should be, a difference
between a password that is still in use and one that was exposed
so long ago, and in what is now so trivial an algorithm, that
it is no more than a puzzle for fans of the old-fart days.

Norman Wilson
Toronto ON

^ permalink raw reply	[flat|nested] 63+ messages in thread
* [TUHS] Recovered /etc/passwd files
@ 2019-10-03 18:51 Finn O'Leary
  2019-10-03 19:30 ` Leah Neukirchen
  2019-10-05 17:29 ` Michael Kjörling
  0 siblings, 2 replies; 63+ messages in thread
From: Finn O'Leary @ 2019-10-03 18:51 UTC (permalink / raw)
  To: The Eunuchs Hysterical Society

Hi, I remember that someone had recovered some ancient /etc/passwd files
and had decrypted(?) them, and I remember reading that either ken or 
dmr's
password was something interesting like './,..,/' (it was entirely
punctuation characters, was around three different characters in total, 
and
was pretty damn short). I've tried to find this since, as a friend was
interested in it, and I cannot for the life of me find it!

Do any of you remember or have a link? :)
Thanks!

--
"Too enough is always not much!"

^ permalink raw reply	[flat|nested] 63+ messages in thread

end of thread, back to index

Thread overview: 63+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-08 18:38 [TUHS] Recovered /etc/passwd files Norman Wilson
2019-10-08 18:51 ` Arthur Krewat
2019-10-08 21:02   ` Dave Horsfall
2019-10-08 21:22     ` Arthur Krewat
2019-10-09  5:49       ` Nigel Williams
2019-10-09  5:52         ` Nigel Williams
2019-10-09  6:00           ` Warner Losh
2019-10-09  8:16             ` Andy Kosela
2019-10-09  8:53               ` Ken Thompson via TUHS
2019-10-09  9:16                 ` Leah Neukirchen
2019-10-09 23:04           ` Dave Horsfall
2019-10-10  6:31             ` Vincenzo Nicosia
2019-10-09 19:59         ` Rob Pike
2019-10-09 20:09           ` Kurt H Maier
2019-10-09 21:05             ` Bakul Shah
2019-10-09 21:09               ` Warner Losh
2019-10-09 21:16                 ` Arthur Krewat
2019-10-09 22:05                   ` Adam Thornton
2019-10-09 23:28                     ` Steffen Nurpmeso
2019-10-11 12:28             ` Anthony Martin
2019-10-09 20:14           ` Arthur Krewat
2019-10-10 20:24           ` Clem Cole
2019-10-10 20:38             ` Nemo
2019-10-10 20:52               ` John P. Linderman
2019-10-11  6:24               ` Dave Horsfall
2019-10-11 11:09                 ` William Pechter
2019-10-11 23:46           ` Finn O'Leary
2019-10-12  0:21             ` Arthur Krewat
2019-10-10  8:21         ` Dan Cross
2019-10-10 11:58           ` Arthur Krewat
2019-10-10 12:07             ` Leah Neukirchen
2019-10-18 14:34               ` Arthur Krewat
2019-10-18 15:01                 ` Royce Williams
2019-10-18 15:05                   ` Royce Williams
2019-10-18 18:32                   ` Royce Williams
2019-10-19 13:11                     ` John P. Linderman
2019-10-10 13:57           ` Henry Bent
2019-10-10 14:05             ` Arthur Krewat
2019-10-15 16:32               ` Michael Kjörling
2019-10-10 14:10             ` Leah Neukirchen
2019-10-11  2:49             ` Dave Horsfall
2019-10-08 20:52 ` Dave Horsfall
2019-10-08 21:15   ` Michael Kjörling
  -- strict thread matches above, loose matches on Subject: below --
2019-10-19 13:45 Norman Wilson
2019-10-19 20:27 ` ewe2
2019-10-19 20:41   ` Arthur Krewat
2019-10-03 18:51 Finn O'Leary
2019-10-03 19:30 ` Leah Neukirchen
2019-10-03 20:41   ` Finn O'Leary
2019-10-03 22:04     ` Steffen Nurpmeso
2019-10-03 23:24     ` Dave Horsfall
2019-10-04  0:59       ` WIlliam Cheswick
2019-10-04 16:08         ` Arthur Krewat
2019-10-04 10:29       ` Leah Neukirchen
2019-10-04 15:05         ` Ken Thompson via TUHS
2019-10-05 18:05   ` Tom Jones
2019-10-08 17:38     ` Arthur Krewat
2019-10-08 20:40       ` Dave Horsfall
2019-10-08 20:57         ` Arthur Krewat
2019-10-09 12:55       ` Leah Neukirchen
2019-10-09 16:17         ` Arthur Krewat
2019-10-05 17:29 ` Michael Kjörling
2019-10-05 17:49   ` Arthur Krewat

The Unix Heritage Society mailing list

Archives are clonable: git clone --mirror http://inbox.vuxu.org/tuhs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.tuhs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git