On 4/15/21 12:30 AM, Carsten Strotmann wrote:
> Hi Stan,
>
> On 15 Apr 2021, at 4:23, Finn Thain wrote:
>
>> Most of that is probably password hashing. Look in /etc/shadow and you'll
>> probably find long password hashes. If you're not worried about weak
>> hashes, you could switch to DES which is probably what A/UX uses. See
>> 'man
>> login.defs' and 'man 3 crypt'.
>>
>> BTW, if your password hashes are never leaked or your actual passwords
>> are
>> guessable anyway then I don't see much benefit from SHA512.
>>
>> FTR, I'm not advocating guessable passwords and weak hashes. But if you
>> want to try it, I hear that 12345 is very popular:
>>
>> $ perl -e 'print crypt("12345","xx")."\n"'
>> xxwddmriJc5TI
>
> When I had similar problems on a Mac LCII, I've switched the password
> hashing scheme from SHA512 (5000 Rounds) to MD5 with
>
> ENCRYPT_METHOD MD5
>
> in /etc/login.defs and
>
> password [success=1 default=ignore] pam_unix.so obscure md5
>
> in /etc/pam.d/common-password
>
> After changing this setting, make sure to set a new password for the
> users that you use. The password string in /etc/shadow should now look
> like this
>
> user:$1$LJE/eegi$OnIQXGTyEwh2q8rhyJssw/:18732:0:99999:7:::
>
> instead of this (SHA512)
>
> user:$6$ThsKWiJWXD8NRyVk$4jC4Rmn9.SoHFou7w84VOYgTshzyvbz2zIBgDbozbzC5CfYw8Dipihsrd8HC5oNob2OjTun.2dDl0KU4c5lO51:18732:0:99999:7:::
>
>
> Greetings
>
> Carsten
>
Thanks, that fixes the immediate problem (basic access).
Default login times:
telnet (84 seconds after password is entered)
ftp (times out)
Using MD5 hashes:
telnet (6 seconds after password is entered)
ftp (10 seconds after password is entered)
-s
