From: ziplock@yabbs
To: xenon@yabbs
Subject: re: pword files
Date: Sun Oct 24 19:56:41 1993
Decrypting passwd's in /etc/passwd is not that hard.  I would venture
a guess that 90% of university computing sites have at least one
entry where the passwd is the same as the login name and away you go.
Making a test for "joe" passwd's where the user has just used their
login name for the passwd is extremely easy and doesn't produce anywhere
near the kind of noticable load that running crack with fat dictionaries
will.  All you do is grab the user names, crypt them, compare them, go
on to the next one.  A 300-user passwd file can be done in a minute or
two on a reasonable machine.