Plz tell me where I'm wrong:
Linux is open source --> The Code which encrypts the login password is freely available --> A Baddie looks at the code and finds out the algorithm --> cat /etc/passwd | grep root --> Voila! the baddie has root password.
Of course this does not happen. How does Linux manage to be secure in spite of being open source?
On Sat, Mar 30, 2002 at 05:28:29PM +0530, Nikhil Joshi wrote:
Plz tell me where I'm wrong:
Linux is open source --> The Code which encrypts the login password is freely available --> A Baddie looks at the code and finds out the algorithm --> cat /etc/passwd | grep root --> Voila! the baddie has root password.
Of course this does not happen. How does Linux manage to be secure in spite of being open source?
Well, you probably haven't programmed, it looks.
It's not so simple. In fact, it's NOT AT ALL simple.
The encryption is one-way! There's no known algorithm that can get back the password for you.
hth.
Today @ 5:31pm Ravindra Jaju wrote:
The encryption is one-way! There's no known algorithm that can get back the password for you.
http://geocities.com/supercracks2000/tools/snitch.zip
It recovers dialup passwords from windows (9X)
On Sat, Mar 30, 2002 at 06:32:40PM +0530, Nikhil Joshi wrote:
Today @ 5:31pm Ravindra Jaju wrote:
The encryption is one-way! There's no known algorithm that can get back the password for you.
http://geocities.com/supercracks2000/tools/snitch.zip
It recovers dialup passwords from windows (9X)
Yeah, forgot to mention - by the algorithm, I meant the md5 hashing scheme. Of course, there are too many algorithms, which might be harder to crack, or simple nuts.
Sometime on Mar 30, Nikhil Joshi assembled some asciibets to say:
The encryption is one-way! There's no known algorithm that can get back the password for you.
http://geocities.com/supercracks2000/tools/snitch.zip
It recovers dialup passwords from windows (9X)
passwords in win 9x use very weak encryption. all passwords are stored in the user's .pwl file, and are encrypted using the user name as the encryption key. The funny thing is, in windows, the pwl filename is the username (in most cases). So all the cracker has to do is use the file name (sans .pwl) as the key, and decrypt it.
Again, the pwl file's encryption is necessarily decryptable. It is not a one way function. This is so because the dial-up password needs to be sent unencrypted to the dial-up server - hence windows itself needs to be able to decrypt this password before sending.
Also, win NT domain passwords may have to be sent unencrypted if the server is configured that way.
--- Nikhil Joshi nikhiljoshi@subdimension.com wrote:
Today @ 5:31pm Ravindra Jaju wrote:
The encryption is one-way! There's no known algorithm that can get back the password for you.
http://geocities.com/supercracks2000/tools/snitch.zip
It recovers dialup passwords from windows (9X)
Errr ... was the original question about encryption in windows? ;-)
Does windows use one-way encryption to store passwords? Of course not, otherwise how will it automatically know the password when you log in again? Are you sure you carefully read Jaju's answer and figured out what _one way_ encryption means???
SameerDS.
===== -- MTech Student Reconfigurable Computing Lab KReSIT, IIT-Bombay
__________________________________________________ Do You Yahoo!? Yahoo! Greetings - send holiday greetings for Easter, Passover http://greetings.yahoo.com/
Today @ 5:31pm Ravindra Jaju wrote:
The encryption is one-way! There's no known algorithm that can get back the password for you.
Umm.. Can I get some algos which encrypt in one way? I know some basic C and Assembly programming. In fact, can I specifically get the algo which encrypts the password in Linux?
On Sat, Mar 30, 2002 at 06:51:43PM +0530, Nikhil Joshi wrote:
Umm.. Can I get some algos which encrypt in one way? I know some basic C and Assembly programming. In fact, can I specifically get the algo which encrypts the password in Linux?
well, google search should be your friend.
On Saturday 30 March 2002 06:53 pm, Ravindra Jaju wrote:
On Sat, Mar 30, 2002 at 06:51:43PM +0530, Nikhil Joshi wrote:
Umm.. Can I get some algos which encrypt in one way? I know some basic C and Assembly programming. In fact, can I specifically get the algo which encrypts the password in Linux?
well, no OS is completely safe. Your machine is unsafe as soon as it's turned on. only the difficulty level of system security can be increased.
sachin
Sometime on Mar 30, Nikhil Joshi assembled some asciibets to say:
Linux is open source --> The Code which encrypts the login password is freely available --> A Baddie looks at the code and finds out the algorithm --> cat /etc/passwd | grep root --> Voila! the baddie has root password.
Well, you have two questions.
First correction, linux is free software, not open source software. This is so because it is released under the GPL and not under something like MIT or BSD.
1. How does making the source available for inspection make it secure?
Since the source is available for inspection, baddies can look at it, goodies (?) also look at it. They find holes in it and possibly fix them or report them to the author. So many people looking at the code tends to fix holes rather quickly. Quicker in fact than it takes the baddies to get the word around that the hole exists.
2. Even knowing the password algorithm (which is MD5 btw), it is impossible to decrypt it. The older encryption used crypt, which was weaker, but still impossible to decrypt. These are one way mathematical functions that convert a given sequence of characters into another. These functions are required to be non-invertible (if you're a math student, that should make sense).
Passwords can be guessed however. And knowing the encryption algorithm, all you have to do is encrypt every password you can think of, and compare the two encrypted strings. If they match, you've got your password.
Obviously, if someone uses a dictionary word, a simple dictionary attack will get the password.
Random strings are harder to get, but still possible with a brute force approach (a cracker that tries every combination of n letters, digits and special characters that exist). This however takes very long and is not feasible for most.
Philip
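The point made in the message above (the stored value is a one-way hash, and a login is checked by hashing the typed password again and comparing) as an added example, not part of the original thread. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for the MD5-based scheme the thread mentions; the record layout, iteration count, wordlist and function names are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption: PBKDF2-HMAC-SHA256 stands in for the MD5-based scheme named in
# the thread; the "salt$digest" record layout is made up for this example.
ITERATIONS = 100_000

# Constructed sample wordlist for the policy check below.
COMMON_WORDS = {"password", "linux", "secret", "letmein", "root"}


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """One-way step: derive a digest from password + salt, store both."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt.hex() + "$" + digest.hex()


def verify_password(candidate: str, stored: str) -> bool:
    """Login check: re-hash the candidate with the stored salt and compare.
    The stored record is never decrypted."""
    salt_hex, digest_hex = stored.split("$", 1)
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def set_password(new_password: str, wordlist=COMMON_WORDS) -> str:
    """Policy check at password-change time. Anyone holding the stored record
    can test guesses exactly the way verify_password does, so dictionary
    words and short strings are refused before they are ever stored."""
    if new_password.lower() in wordlist:
        raise ValueError("password is a dictionary word")
    if len(new_password) < 10:
        raise ValueError("password is too short")
    return hash_password(new_password)
```

Because the salt is random per account, two users with the same password get different stored records, and the iteration count sets the cost of every single guess.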
Today @ 3:22am Philip S Tellis wrote:
impossible to decrypt it. The older encryption used crypt, which was weaker, but still impossible to decrypt. These are one way mathematical functions that convert a given sequence of characters into another. These functions are required to be non-invertible (if you're a math student, that should make sense).
I guess I'm getting the picture (My math is weak tho ;) Thx Philip for clearing my doubt.
P.S. 3.22am ??
Sometime Today, Nikhil Joshi assembled some asciibets to say:
These functions are required to be non-invertible (if you're a math student, that should make sense).
I guess I'm getting the picture (My math is weak tho ;)
Ok, for non-math students, here's a small tutorial:
f(x) = 3x
means, if we have x, we can find f(x).
also, this function is invertible, since we can say x = f(x) / 3
we'd write this as f^-1(y) = y/3 (that's f inverse y).
so if we know f(x), we can find out x.
Some functions however, are not invertible,
like f(x) = x^x (at least I think it is non-invertible).
Thus, if you have x, you can get f(x), but if you have f(x), you cannot get x.
P.S. 3.22am ??
:) Post party time. It's funny what a couple of beers can do.
Today @ 3:22am Philip S Tellis wrote:
First correction, linux is free software, not open source software. This is so because it is released under the GPL and not under something like MIT or BSD.
Ah.. I would like to clear this doubt once and for all. Can anyone please give a definition of Linux? Please give a technical definition (highlighting its licensing policy and features) and not like Linux: The best OS around.
I would be happy if the experienced members (Philip,Satya,Sameer,Trevor...) give their definition of Linux. Please don't give references of websites. I would like to have YOUR definition of Linux.
--- Nikhil Joshi nikhiljoshi@subdimension.com wrote:
I would be happy if the experienced members (Philip,Satya,Sameer,Trevor...)
ducking under a flame proof cover! O gods of the list! Spare me!! :-))
give their definition of Linux.
I can't help it ... I have to give you a URL ... why re-invent the wheel?
http://www.gnu.org/gnu/linux-and-gnu.html
Linux, the kernel is also free software just as GNU the whole system. GNU GPL is a license that guarantees you freedom, as in free speech, in terms of software. I don't know what more I could say ...
Check out the following place for more about the philosophy: http://www.gnu.org/philosophy/free-sw.html
In fact the whole damn folder is interesting ... http://www.gnu.org/philosophy/
HTH, SameerDS.
===== -- MTech Student Reconfigurable Computing Lab KReSIT, IIT-Bombay
Sometime Today, Nikhil Joshi assembled some asciibets to say:
Can anyone please give a definition of Linux? Please give a technical definition (highlighting its licensing policy and features) and not like Linux: The best OS around.
Linux: A (fully?) POSIX compliant, monolithic operating system kernel written for a wide variety of architectures, and released to the public under the terms of the GNU General Public Licence.
On Mar 31, 2002 at 14:00, Nikhil Joshi wrote:
Can anyone please give a definition of Linux? Please give a technical definition (highlighting its licensing policy and features) and not like Linux: The best OS around.
The best OS? Heck, no.
Linux is, by the CS definition, an OS. Only. It provides the usual things that an OS provides: scheduling, filesystems, system calls, threading, and whatnot. Hardware interface. It is the basic kernel and modules code as released by Linus. Anything you add in to it, even if you add to the kernel code, is technically part of the OS but not part of Linux until Linus approves it.
I see some confusion in the previous paragraph about the OS and the Linux part of the OS. You can start with the Linux source code (by definition, kernel source code), and if you hack that on your own or add third-party code, it is Linux derived. It would still be Linux, except that Linus needs to approve it.
GNOME, KDE, Pine, sendmail, gcc, ls, etc. are not Linux. They're GNU (or whoever) tools which happen to work with Linux.
Yesterday @ 12:39pm Satya wrote:
The best OS? Heck, no.
:)
modules code as released by Linus. Anything you add in to it, even if you add to the kernel code, is technically part of the OS but not part of Linux until Linus approves it.
sort of Linux : © Linus Torvalds?
--- Nikhil Joshi nikhiljoshi@subdimension.com wrote:
Linux : © Linus Torvalds?
Yes! Definitely! All GPL'ed code is copyrighted by somebody (usually the authors or the FSF). But people are free to use it according to the copyleft terms.
SameerDS.
===== -- MTech Student Reconfigurable Computing Lab KReSIT, IIT-Bombay
--- Satya satyap@satya.virtualave.net wrote:
GNOME, KDE, Pine, sendmail, gcc, ls, etc. are not Linux. They're GNU (or whoever) tools which happen to work with Linux.
Don't you think that it is easier to say that what you use is the GNU operating system, where Linux just happens to be the kernel? I don't think there are many other OS's that use Linux as the kernel. Heck, once HURD is properly introduced, there will be people who will have a GNU system but no Linux at all!
SameerDS.
===== -- MTech Student Reconfigurable Computing Lab KReSIT, IIT-Bombay
On Mar 31, 2002 at 23:29, Sameer D. Sahasrabuddhe wrote:
--- Satya satyap@satya.virtualave.net wrote:
GNOME, KDE, Pine, sendmail, gcc, ls, etc. are not Linux. They're GNU (or whoever) tools which happen to work with Linux.
Don't you think that it is easier to say that what you use is the GNU
I don't know about "easier". You're stating something else, and your statement may be stating the converse of my statement. Both are true.
operating system, where Linux just happens to be the kernel? I don't
No, it's not. The OS is the kernel, everything else is in userspace.
think there are many other OS's that use Linux as the kernel. Heck,
No, then those OSen would also be Linux. You are referring to Redhat, Debian, SuSE, Mandrake, Caldera, etc.
once HURD is properly introduced, there will be people who will have a GNU system but no Linux at all!
Yup, that's right. The GNU stuff that comes with a typical Linux distro is compiled against Linux kernel headers and with Linux ways of doing things, and so works with Linux. I think libc is GNU, isn't it? Assuming it is, it would have to be compiled against a Linux kernel to work on Linux.
--- Satya satyap@satya.virtualave.net wrote:
No, it's not. The OS is the kernel, everything else is in userspace.
I can't help it ... I just have to keep posting URLs every time ... here's another one :-)
"There really is a Linux; it is a kernel, and these people are using it. But you can't use a kernel by itself; a kernel is useful only as part of a whole operating system. Linux is normally used in a combination with the GNU operating system: the system is basically GNU, with Linux functioning as the kernel."
You must have guessed where this comes from, but anyways: http://www.gnu.org/gnu/linux-and-gnu.html
No, then those OSen would also be Linux. You are referring to Redhat, Debian, SuSE, Mandrake, Caldera, etc.
Now you are confused ... they are GNU/Linux distros!
SameerDS.
===== -- MTech Student Reconfigurable Computing Lab KReSIT, IIT-Bombay
Looks like Linus is planning to leave Linux leadership. See his posting at
http://www.uwsg.iu.edu/hypermail/linux/kernel/0204.0/0004.html
Niraj
===== Visit my webpage at http://www.niraj.4t.com
Today @ 6:49am Niraj Kumar wrote:
Looks like Linus is planning to leave Linux leadership. See his posting at
http://www.uwsg.iu.edu/hypermail/linux/kernel/0204.0/0004.html
Ahh.. dear look at today's date visit http://www.uwsg.iu.edu/hypermail/linux/kernel/0204.0/0007.html
hi there, i am not very confident about the conversion of fonts from windows to LINUX. can anybody help me out in this regard? i have tried 3-4 times and screwed up the font server [the xfs]; it results in crashing of X and says Error : no default font found !!
so if u have the answer then be very specific and tell me in steps, because i was very confused when i read some article on the same topic; it used ttf2bdf and other 3-4 utilities to convert fonts.
thanx in advance
sachin
On Mon, 1 Apr 2002, sachin wrote:
i am not very confident about the conversion of the fonts from windows to the LINUX
don't convert them. xfs (and all current X Servers) can render TTFs natively. you don't need to do anything other than copy them and ttmkfdir in /usr/sbin
On Apr 1, 2002 at 02:05, Sameer D. Sahasrabuddhe wrote:
--- Satya satyap@satya.virtualave.net wrote:
No, it's not. The OS is the kernel, everything else is in userspace.
I can't help it ... I just have to keep posting URLs every time ... here's another one :-)
"There really is a Linux; it is a kernel, and these people are using
Pretty much what I said.
it. But you can't use a kernel by itself; a kernel is useful only as
Hmm, sounds GNUish.
<tweety>I did, I did see a GNUy-tat!</tweety>
No, then those OSen would also be Linux. You are referring to Redhat, Debian, SuSE, Mandrake, Caldera, etc.
Now you are confused ... they are GNU/Linux distros!
So they are. (RMS may be okay with saying "GL" when speaking.)
--- Satya satyap@satya.virtualave.net wrote:
So they are. (RMS may be okay with saying "GL" when speaking.)
Hmmmm ... he never really answered that question, do you remember? He choked on the paneer-tikka instead!
SameerDS.
===== -- MTech Student Reconfigurable Computing Lab KReSIT, IIT-Bombay
On Apr 1, 2002 at 20:05, Sameer D. Sahasrabuddhe wrote:
--- Satya satyap@satya.virtualave.net wrote:
So they are. (RMS may be okay with saying "GL" when speaking.)
Hmmmm ... he never really answered that question, do you remember? He choked on the paneer-tikka instead!
Heehee, I thought he sort of nodded.
On Mon, 1 Apr 2002, Satya wrote:
Satya. URL:http://satya.virtualave.net/ Romulan warbird decloaking&*(^*)$#%^NO CARRIER
Ha ha ha ha ha.
--- Nikhil Joshi nikhiljoshi@subdimension.com wrote:
Plz tell me where I'm wrong:
[snip] I will........betcha...;)
Linux is open source --> The Code which encrypts the login password is freely available --> A Baddie looks at the code and
[snip] Lemme address ur 1st issue.....
Gnu/Linux is Open Source distributed under the GPL where in ny1 can hav a look @ the code change it and redistribute the source code.
Look @ it from this point of view.....
--> @ M$ 5000 dumb f***s write 50Million lines of code...(Just an example...) Where more attention is paid to the interface nd eyecandy and all the bull shit to tap into ur comp & brain nd tell then wat r u thinkin abt while havin s**...;) so...its just 5000-10000 pple prying open the code to fish out the bugs.....
--> In comparison, in Open Source and on GNU/Linux .....we hav millions of pple usin the code......nd probably half that number involved in bug fixing, beta testin nd some fortunate few in code chekin..............ask urself is there a better way to find out flaws with millions of dudes from all around the world peekin into the code from their own point of view..rather than the situation as mentioned above.....so naturally the bug fixin process is faster...nd stable nd code developed according to standards happens faster.
There r flip sides tho.......as of now...this is enough...;)
finds out the algorithm --> cat /etc/passwd | grep root --> Voila! the baddie has root password.
[snip] Dude........this is password crackin..nd nothin to do with Open Source or Gnu/Linux..... Lemme tell u If some d**** sysadmin has his /etc/passwd world read only......of course he'll get whacked......the only way to save ur A** is to read up.....surf the net...keep updated ............nd b part of the Gnu/Lugz around the world......which ROCKZ.....;)
Gnu/Linux is a revolution......the Os just happens to be part of it..nd i Luv being there....how abt u........;)
Trevor Warren
Of course this does not happen. How does Linux manage to be secure in spite of being open source?
--
===== ( >- GNU/LINUX, It's all about CHOICE -< ) /~\ __ http://www.qmailtheeasyway.com __ /~\ | ) / mailto: trevorwarren@yahoo.com \ (/ | |_|_ \ Urgent ->9820349221@maxtouch.co.in / _|_| ___________________________________/