Off Topic Telnet problems

Bill Campbell bill at celestial.com
Tue Mar 17 16:08:46 PDT 2009


On Tue, Mar 17, 2009, Fairlight wrote:
>Y'all catch dis heeyah?  Bill Campbell been jivin' 'bout like:
>> Is this a SCO OpenServer box?
>> 
>> I seem to remember something where they would disable ports after
>> too many failed login attempts or some such, but do not remember
>> what the fix was other than one goes into scoadmin to fix it.
>
>That's insane for anything that's not a hardwire device like a serial port.
>I could see that case...  

We are talking OpenServer here so sanity isn't in question.

>But for ttypX, where the lowest non-used port is always tried?  There's
>either something I'm overlooking (which I can't think for the life of me
>of ATM), or it's some of the poorest software engineering I've seen in a
>while.
>
>Actually, does OSR5 (or even 6) support anything but DES for passwords?
>SHA1, MD5, or BlowFish, maybe?  If not, why even bother?  The pool for
>salts is only 4096 deep with DES, as I remember Bill Vermillion pointing
>out on numerous occasions.  You don't even need distributed computing to
>crack that in a reasonable time, given today's horsepower.

Be aware that major Linux vendors (e.g. Red Hat/CentOS) do not
support SHA1 passwords in their standard installs, which can be a
major PITA if moving from SuSE boxes that support it.  We
generally use MD5 as it is reasonably secure, and is supported by
any Linux using the normal glibc crypt extensions.  Naturally I
found out about this the hard way.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

We believe...that a mugger will kill you in the half-second it takes to
draw from the holster, but won't harm you while you dial the police on your
cell phone, talk to the dispatcher and wait half an hour for officers to
arrive. -- Gun-Control Net-work Credo
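
An added example, not part of the original message: a small audit that classifies shadow-file entries by crypt(3) hash format, for the kind of cross-system account migration discussed above. The `supported` set passed to `audit()` and the sample entries are assumptions constructed for illustration.

```python
import re

# crypt(3) modular-format ids mapped to scheme names.
MODULAR = {"1": "md5", "2a": "blowfish", "2y": "blowfish",
           "5": "sha256", "6": "sha512"}
# Traditional DES: 2 salt chars + 11 hash chars from a 64-char alphabet,
# so there are only 64 * 64 = 4096 possible salts.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR_RE = re.compile(r"^\$([0-9a-z]+)\$")

def scheme(field):
    """Classify one shadow password field by its hash format."""
    if field == "":
        return "empty"
    body = field.lstrip("!")          # a leading '!' marks a locked account
    if body in ("", "*"):
        return "locked"
    m = MODULAR_RE.match(body)
    if m:
        return MODULAR.get(m.group(1), "unknown")
    return "des" if DES_RE.match(body) else "unknown"

def audit(shadow_lines, supported):
    """Return (user, scheme, finding) for accounts needing attention on the target."""
    findings = []
    for line in shadow_lines:
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        user, s = parts[0], scheme(parts[1])
        if s == "locked":
            continue
        if s == "empty":
            findings.append((user, s, "no password set"))
        elif s not in supported:
            findings.append((user, s, "target cannot verify; password reset needed"))
        elif s == "des":
            findings.append((user, s, "4096-salt DES; rehash with a stronger scheme"))
    return findings

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
SAMPLE = [
    "alice:$1$Cn5xQ2rT$AAAAAAAAAAAAAAAAAAAAAA:14320:0:99999:7:::",
    "bob:abJnggxhB/yWI:14320:0:99999:7:::",
    "carol:$2a$10$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:14320:0:99999:7:::",
    "dave:!!:14320:0:99999:7:::",
    "erin:!$6$saltsalt$BBBBBBBB:14320:0:99999:7:::",
]
```

Calling `audit(SAMPLE, {"des", "md5"})` models a target that verifies only DES and MD5 hashes; accounts whose scheme falls outside that set cannot log in after a straight copy of the shadow file.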

