Re: Regarding sudo

Em Sexta, 13 de Julho de 2007 15:41, John Hasler escreveu:

a hash, picking the hash, reverse the process and get to "m839nsk9"
(amoung others), if both passwords collide in the same hash.

Here is an md5sum: 4d5fcfe735a39ff224d7cf2bac0d8aa7 Reverse it. You
have the source for the program and the algorithm is extensively
documented on the Web.

Dammit, these aren't just mathematical operations, it also combines logical
operations (XOR, AND, OR , NOT), and even had studdy a little of bolean
algebra in my digital electronics studies, this was 20 years ago and i
can't remember ***... :(

they process the password bit by bit and chew it with these logical
operations, maybe i'm not qualified to write a reverse logical sequence,
i'm not the only one having the same doubts...

found this at http://en.wikipedia.org/wiki/MD5

Vulnerability

Recently, a number of projects have created MD5 "rainbow tables" which are
easily accessible online, and can be used to reverse many MD5 hashes into
strings that collide with the original input, usually for the purposes of
password cracking.

and there is also this: http://www.infosec.sdu.edu.cn/paper/md5-attack.pdf

See? it doesn't matter if the result matches the original password, if bouth
produce the same hash.




Ok, but let's not continue this, i know that there is no normal way to pick
the hash, and i'm focusing now on the timestamp situation...
and i can't find info if during the timestamp, sudo will allow to be used by
any program that has the UID of the user that started the timestamp, nor if
sudo only allows comands typed on a konsole or if it also allows something
that comeout from a script or program.

man sudo doesn't especify this and i can't find info about it...

regards
ArameFarpado



.