Password cracking (was Re: How to stop future viruses.)

[MFHorn]

>From article <2186 at cuuxb.ATT.COM>, by dlm at cuuxb.ATT.COM (Dennis L. Mumaugh):
> Thus  it  is 22 bytes x 80,000 x 4096 or
> 7,208,960,000 bytes of storage.  With say 20 cpus  and  only  400
> real  salts  I need 36,044,800 bytes per machine.  I can automate
> almost all of this and thanks  to  RFS  and  LAN's  communcations
> isn't  the problem.  The time is that to fgrep the 36 Meg file on
> each machine.  That runs about an hour depending on load and disk
> performance.

On one of our machines here, I can generate about 50 encryptions
per second.  That's about 500 seconds (8 minutes) to encrypt
/usr/dict/words.  I could probably throw together some 'rsh'
command lines to make some of our big Vaxen, MVs, Apollo and
DEC workstations, etc., do the part of the work, and I'm encrypting
the dictionary in under a minute.

Compare this to the time it would take to grep through N Meg of
pre-encrypted data, and you'll see they're very close (and both
negligible).

> The major point is that properly prepared one CAN crack passwords
> in less than an hour given adequate resources.

Less than a minute.

Andy Rosen           | arosen at hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031   | ulowell!arosen          |  learned how to make it
Lowell, Ma 01854     |                         |  talk" -Thunder Road
		RD in '88 - The way it should've been