Since some people here are not as versed in crypto knowledge as some others, I'm going to talk about a few things I'll also include in tomorrow's article a bit early ;-)
First off, modern user authentication systems never store the value of the password. Instead, they store the value of a hash function. A hash function is a one-way mathematical function that takes a variable-size input and produces an output that is a fixed length. Slackware Linux and Maximus BBS software both use MD5 hashes, Red Hat seems to use DES/crypt hashes, and OpenBSD uses Blowfish hashes. The purpose of this is that knowing the hash gives you nothing -- you must know the password, which has to be hashed before it is compared to the database of user hashes.
The problem here is that QNX did not choose a known hash function. Instead they wrote an algorithm which is easy to take in both directions. Because of this, people who can read the passwd file can break the passwords in seconds.
FlinkDelDinky, Red Hat is known for security holes. This is why people generally gravitate towards a more secure package, like Slackware or OpenBSD. The reason this is important is because there is no other Unix or Unix-alike which allows you to do this. It is a major security flaw in their design of QNX.
[ イノシロ ]
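
The contrast drawn in the post above, as an added example that is not part of the original comment: a stored value from a reversible encoding gives the password back to anyone who can read the file, while a salted one-way hash can only be checked by hashing a candidate and comparing. The XOR scheme and its key are constructed for illustration and are not the QNX algorithm; PBKDF2-HMAC-SHA256 and the record layout are assumptions, standing in for the hashes the post names.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for a two-way scheme; NOT the QNX algorithm.
_DEMO_KEY = b"constructed-demo-key"


def reversible_encode(password: str) -> bytes:
    """Two-way encoding: what gets written to the password file."""
    data = password.encode()
    return bytes(b ^ _DEMO_KEY[i % len(_DEMO_KEY)] for i, b in enumerate(data))


def reversible_decode(stored: bytes) -> str:
    """Anyone who can read the file and knows the algorithm gets the password."""
    plain = bytes(b ^ _DEMO_KEY[i % len(_DEMO_KEY)] for i, b in enumerate(stored))
    return plain.decode()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> str:
    """One-way storage: a fresh random salt plus a slow hash of the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Login check: hash the candidate with the stored salt, then compare."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                     bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    stored = reversible_encode("hunter2")           # constructed sample password
    print("recovered from file:", reversible_decode(stored))
    record = hash_password("hunter2")
    print("stored record:", record)
    print("correct login:", verify_password("hunter2", record))
    print("wrong login:", verify_password("hunter3", record))
```
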