Hacking

Daniel Klein dvk at sei.cmu.edu
Thu Mar 28 01:57:28 AEST 1991


At the recent USENIX Security Workshop in Portland, I published a report on
cracking.  From a sample set of 13,797 accounts, I was able to crack 3340
using the dictionary method (that's 24.2%).  I did a lot more than just
look in /usr/dict/words, but the fact remains that if you use *any* kind of
word as your password, it can be cracked.

If you'd like to read the paper (replete with lots of interesting statistics),
the full citation is: "`Foiling the Cracker': A Survey of, and Improvements
to, Password Security", Proceedings of the USENIX Association UNIX Security
II Workshop, Portland, Oregon, August 27-28, 1990 (or I can send you troff
source or Postscript).

-- ============ -- =========== -- =========== -- =========== -- =========== --
"The only thing that separates us from the animals is superstition
and mindless rituals".          Daniel Klein	CMU-SEI   +1 412/268-7791
						dvk at sei.cmu.edu



More information about the Comp.unix.wizards mailing list