How secure is UNIX?
Robert Barrell
root at rdb1.UUCP
Wed Jun 13 21:36:41 AEST 1990
In article <8480 at crdgw1.crd.ge.com>, volpe at underdog.crd.ge.com (Christopher R Volpe) writes:
> Wait a minute. It sounds to me like Dan is claiming that with a 10
> (or 20) line C program, he was able to find an arbitrary password
> (with uppercase and numerals) via encryption....
>...
> He says he didn't use /usr/dict/words or any sort of [word list] at all,
> which implies something along the lines of an exhaustive search.
> I find that highly unlikely, considering that the password encryption
> mechanism is an implementation of DES, which uses a 56 bit key.
> A brute force search of the keyspace is pretty unfeasible. Perhaps
> I misunderstood the claim.
Instead of performing an exhaustive search on passwords, perhaps Dan is
doing something by running through all the possible 2-character salt values on
the encrypted password. Even so, isn't crypt() supposed to "rotate" so many
times anyway to defeat such an attempted decryption?
Also, what about the CBW (Crypt-Breaker's Workshop) programs? I believe
they are only for entire files that have been encrypted, but don't know if they
are useful for passwords or not.
--
Robert Barrell | ...!cbmvax!gvlv2!lock60!rdb1!root | Cody Computer Services
Milo's Meadow BBS | root at rdb1.canal.org | 55 East High Street
login: nuucp or bbs |-----------------------------------| Pottstown, PA 19464
(215) 323-0497 | Business and Police Dept Software | (215) 326-7476
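
For reference on the salt and key-size points raised in this thread, an added example (not part of the original post) that splits a traditional 13-character DES crypt(3) field into its 12-bit salt, which is stored in the clear as the first two characters, and the 64-bit output block, and compares the "uppercase and numerals" password count with the 56-bit key space. The names parse_des_crypt and candidates are hypothetical, and the sample field is constructed rather than a real hash.

```c
/* Added example: field layout of a traditional DES crypt(3) password hash. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Map one crypt(3) alphabet character to its 6-bit value, or -1. */
static int b64val(char c) {
    const char *p = c ? strchr(B64, c) : NULL;
    return p ? (int)(p - B64) : -1;
}

/* Split a 13-character field into the 12-bit salt and the 64-bit DES output.
   Returns 0 on success, -1 if the field is not a well-formed traditional hash. */
int parse_des_crypt(const char *field, unsigned *salt, uint64_t *block) {
    int v[13];
    if (strlen(field) != 13) return -1;
    for (int i = 0; i < 13; i++)
        if ((v[i] = b64val(field[i])) < 0) return -1;
    /* Two salt characters, first one holding the low 6 bits: 4096 values. */
    *salt = (unsigned)v[0] | ((unsigned)v[1] << 6);
    uint64_t acc = 0;
    for (int i = 2; i < 12; i++) acc = (acc << 6) | (uint64_t)v[i]; /* 60 bits */
    if (v[12] & 3) return -1;   /* last char: 4 data bits plus 2 zero pad bits */
    *block = (acc << 4) | (uint64_t)(v[12] >> 2);
    return 0;
}

/* Number of passwords of length 1..max_len over an alphabet of n symbols. */
uint64_t candidates(unsigned n, unsigned max_len) {
    uint64_t total = 0, pw = 1;
    for (unsigned i = 0; i < max_len; i++) { pw *= n; total += pw; }
    return total;
}

int main(void) {
    const char *sample = "abCDEFGHIJKLM";   /* constructed, not a real hash */
    unsigned salt; uint64_t block;
    if (parse_des_crypt(sample, &salt, &block) == 0)
        printf("salt=%u of 4096, block=%016llx\n", salt, (unsigned long long)block);
    printf("upper+digits, <=8 chars: %llu\n", (unsigned long long)candidates(36, 8));
    printf("full 56-bit key space:   %llu\n", (unsigned long long)(1ULL << 56));
    return 0;
}
```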