Subject Re: [IB-Architect] Security holes...
Author Jan Mikkelsen
Doug Chamberlin wrote:
>At 4/2/00 07:16 PM (Sunday), Jan Mikkelsen wrote:
>>I assume passwords are transmitted over the wire in the clear, so they
>>could also be sniffed
>>avoiding the whole "get a copy of isc4.gdb" thing.
>Of course, they are not! Only the encrypted form is sent.

Great, I hadn't checked the line protocol in any way.

I did some quick experiments with isc4.gdb, and then did a quick search at
Mers (which is a very useful site), and found that the algorithm in use is
Unix crypt(3) with a constant(!) salt.

Pick your favourite password cracker and tell it the salt, or have a table
of encrypted dictionary word permutations and just do a lookup. Reusable
for every user and password because the salt is constant.

Jan Mikkelsen
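
The constant-salt weakness described in this message, seen from the auditing side, as an added example that is not part of the original thread. PBKDF2 stands in for crypt(3) as an assumption, and the account names, passwords and function names are constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict


def hash_password(password, salt):
    # Stand-in KDF (assumption): PBKDF2-HMAC-SHA256, not the crypt(3) named in the thread.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000).hex()


def make_store(users, constant_salt=None):
    """Build (user, salt, hash) records. A constant salt mimics the weak scheme;
    otherwise each account gets its own random 16-byte salt."""
    store = []
    for user, password in users.items():
        salt = constant_salt if constant_salt is not None else os.urandom(16)
        store.append((user, salt, hash_password(password, salt)))
    return store


def audit_store(store):
    """Report how many distinct salts are in use and which accounts
    carry byte-identical stored hashes."""
    by_salt = defaultdict(list)
    by_hash = defaultdict(list)
    for user, salt, digest in store:
        by_salt[salt].append(user)
        by_hash[digest].append(user)
    shared = sorted(sorted(group) for group in by_hash.values() if len(group) > 1)
    return {"distinct_salts": len(by_salt), "shared_hash_groups": shared}


# Constructed sample accounts; two of them happen to share a password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

if __name__ == "__main__":
    # Constant salt: one salt for the whole store, equal passwords give equal hashes.
    print("constant salt:", audit_store(make_store(USERS, constant_salt=b"constant")))
    # Per-user salt: every record is unique, so nothing computed for one account
    # carries over to another.
    print("per-user salt:", audit_store(make_store(USERS)))
```

A store that reports a single distinct salt across many accounts has the property the message describes: work done against one record applies to every record.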