Solaris security question

Discussion in 'OT Technology' started by trouphaz, Jun 11, 2009.

  1. trouphaz

    If someone gets their hands on the /etc/shadow file from a Solaris 10 machine, how hard is it to crack the passwords? We have auditors asking us to email them a copy of our /etc/shadow files for some production hosts and I am not comfortable providing it, especially across email. I want to arm myself with as much ammo as possible to stop it.
     
  2. cp5184

    this is the best my googlefu could come up with
    http://www.google.com/url?sa=t&sour...rength&usg=AFQjCNHLvsfZ-fZco8yoRlgRm_Ho0Uxnpg
    seems like it's a legit request for auditors, couldn't find specifics about the cryptographic strength of them.

    what I'd probably do is copy the shadow file, change all the passwords, then email them the stale data. if they find weak passwords you'll probably need to change all pws a second time this time with better pws.
     
  3. trouphaz

    actually, that's a good idea. my original idea was to just edit the encrypted passwords so they were garbage, but it would be funny to see if they could crack the passwords and then prove they were useless.
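
One way to give auditors per-account facts (hash scheme, lock status, password aging) without handing over the hashes is to summarise the file with the hash field left out. This is an added example, not part of the thread; the function names and the sample entries, including the placeholder hash strings, are constructed for illustration.

```python
import re

# crypt(3C) hash prefixes found in Solaris shadow entries -> scheme name.
SCHEMES = [("$md5$", "sunmd5"), ("$md5,", "sunmd5"), ("$1$", "bsdmd5"),
           ("$2a$", "bsdbf"), ("$5$", "sha256"), ("$6$", "sha512")]
# Traditional DES crypt: exactly 13 characters from the crypt alphabet.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample; the hash fields are placeholders, not real hashes.
SAMPLE = """\
root:AAbbCCddEEffG:14406::::::
daemon:NP:6445::::::
oracle:$5$constructed$PLACEHOLDERPLACEHOLDER:14400:7:90:14:::
olduser:*LK*$1$constructed$PLACEHOLDER:14000::::::
nobody:*LK*:6445::::::
"""

def classify(pw):
    """Return (status, scheme) for a shadow password field."""
    if pw in ("", "NP"):
        return ("empty" if pw == "" else "no-password"), "none"
    locked = pw.startswith("*LK*")
    body = pw[4:] if locked else pw
    status = "locked" if locked else "active"
    for prefix, name in SCHEMES:
        if body.startswith(prefix):
            return status, name
    if DES_RE.match(body):
        return status, "unix-des"  # only the first 8 password characters count
    return status, "none" if body == "" else "unknown"

def summarise(text):
    """Per-account summary of shadow text; the hash itself is never copied."""
    rows = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 9:  # user:pw:lastchg:min:max:warn:inactive:expire:flag
            continue          # skip blank or malformed lines
        status, scheme = classify(fields[1])
        rows.append({"user": fields[0], "status": status, "scheme": scheme,
                     "lastchg": fields[2], "max": fields[4]})
    return rows

if __name__ == "__main__":
    for row in summarise(SAMPLE):
        print(row)
```

Accounts reported as `unix-des` and `active` are the ones to move to a stronger scheme first, since that format ignores everything past the eighth password character.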
     
