Subject: Re: [netatalk-admins] shared Logins on UNIX/Mac?
From: Bill Studenmund (skippy@macro.stanford.edu)
Date: Sat Sep 12 1998 - 13:04:11 EDT
On Wed, 12 Aug 1998, Jonathan Benson wrote:
> > This can't be done. MacOS *does* encrypt passwords while they're on
> > the wire. It uses what they call RandNum which involves the exchange
> > of a random number which is hashed using the password as a key. The
> > same passwords will hash the randnum identically. I expect that
> > RandNum would be reasonably hard to compromise, though I've never
> > really thought very hard about it.
>
> This can in fact be done. I had a user here who had a program that
> allowed him to see the passwords people were using to connect to file
> shares on the various Macs in here. I forget the details as he was
> someone I could trust and has since left.
What kind of file servers were they? Specifically, if the login screen
said the password was "2 way encrypted" and you were able to read it, then
you should have informed Apple - that'd be big news. If, however, the
login said the password was "Clear Text," well, you just learned the
definition of clear text. ;-)
Stealling clear text passwrods w/ a sniffer should be trivial. The one
protection would be that most cracker sniffing programs won't be looking
for them. The ones we've seen look at specific IP protocols.
Take care,
Bill
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:33:16 EST