Bugtraq mailing list archives
Re: Weakness in some linux versions of adduser.
From: adpowers () tuba aix calpoly edu (Adam Powers)
Date: Sun, 8 Dec 1996 22:55:14 -0800
Comments? I would like to see some statistics from some larger sites... I just used cut and uniq -c on the password file to generate these; if someone wants to do some better statistical analysis I would appreciate their findings.
i noticed this some time ago when i wrote a password cracking program that used a hash file to look up the accounts to compare encryptions. (where the salt was used as the key.) i resolved hash collisions by chaining, and wrote a quick check to see how long my chains ended up being. for my site (calpoly.edu) with 20,000 accounts (password file approx. 2 megs) i noticed a rather large chain (1000+ entries). moreover, i noticed that all the hashes were grouped near the middle. e.g. there were about 300 blank entries, then about 1000 full entries, and the rest were blank. (i don't know how close those numbers are.) it appeared to be some kind of inverse bell curve.. any ideas for that one? :)
-A
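The salt tally described in this thread (cut and uniq -c over the password file), extended with a uniformity check an administrator can run to audit how salts were assigned; this is an added example, not code from either poster. It assumes traditional 13-character DES crypt(3) entries in the second field, and the sample lines are constructed.

```python
import string
from collections import Counter

# crypt(3) salt alphabet: 64 characters, so 64 * 64 = 4096 possible salts
SALT_ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
SALT_SPACE = len(SALT_ALPHABET) ** 2

def extract_salts(passwd_lines):
    """Yield the two-character salt of each traditional DES crypt entry."""
    for line in passwd_lines:
        fields = line.rstrip("\n").split(":")
        if len(fields) < 2:
            continue
        pw = fields[1]
        # Skip locked ("*"), shadowed ("x"), empty and non-DES entries.
        if len(pw) == 13 and all(c in SALT_ALPHABET for c in pw):
            yield pw[:2]

def salt_report(passwd_lines):
    """Summarise how evenly salts are spread over the 4096 possible values."""
    counts = Counter(extract_salts(passwd_lines))
    n = sum(counts.values())
    if n == 0:
        return None
    expected = n / SALT_SPACE  # accounts per salt if salts were uniform
    # Pearson chi-square over all 4096 cells, including unused salts.
    chi2 = sum((c - expected) ** 2 / expected for c in counts.values())
    chi2 += (SALT_SPACE - len(counts)) * expected
    # Distinct salts expected from n uniform draws.
    expected_distinct = SALT_SPACE * (1 - (1 - 1 / SALT_SPACE) ** n)
    salt, largest = counts.most_common(1)[0]
    return {"accounts": n, "distinct": len(counts),
            "expected_distinct": expected_distinct,
            "largest_salt": salt, "largest_share": largest / n,
            "chi2": chi2}  # near 4095 for uniform salts when n is large

# Constructed sample: placeholder hashes (salt + 11 filler characters).
SAMPLE = [f"user{i}:{s}AAAAAAAAAAA:{1000 + i}:100::/home/user{i}:/bin/sh"
          for i, s in enumerate(["ab", "ab", "ab", "cd", "ab", "ef"])]
SAMPLE += ["daemon:*:1:1::/:", "shadowed:x:2000:100::/home/shadowed:/bin/sh"]

if __name__ == "__main__":
    for key, value in salt_report(SAMPLE).items():
        print(f"{key:18} {value}")
```

A distinct-salt count far below the expected value, or one salt holding a large share of accounts, indicates that the account-creation tool is not drawing salts uniformly.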