Finding Passwords

Michael H. Warfield Mike mhw at wittsend.syntrex.com
Fri Sep 21 01:13:57 AEST 1990


In article <8354 at helios.TAMU.EDU> peram at cs.tamu.edu (Suresh B Peram) writes:

>Is it possible to break passwords so
>easily in Unix Systems?  Is it
>possible to "catch" passwords while
>they are being typed at the terminal?

	Answer is wwweeelll yes and no.  There are techniques which can crack
the encrypted password entry given sufficient horse power and time to do the
job.  Some newer implementations of the encryption algorithm are efficient
enough to make the brute force approach practical on a decent mini that you're
not going to use for anything else for a while.  This is to say nothing of the
standard hackers' "short cuts".  Many common passwords are all too easy to crack
before resorting to the brute force method.  They are a direct result of people
choosing simple passwords that others can systematically guess easily.

	It is possible to "catch" passwords while they are being typed at a
terminal, but this generally requires intimate knowledge of the system and
often requires superuser privileges.  A typical "Trojan horse" attack would
be to leave a dummy "login" program on the line to catch the next guy's login.
You give him a bogus "Incorrect login" and drop out to let getty give him
a legitimate shot at logging in.  Normal system security for terminal devices
and honest, diligent system administrators can prevent most of this or make it
so difficult, it's not worth the effort.


 Michael H. Warfield   | (404) 551-7870	| mhw at WittsEnd.SYNTREX.COM
  (The Mad Wizard)     |   NIC: MHW-9	| gatech.edu!galbp!wittsend!mhw
An optimist believes we live in the best of all possible worlds.
A pessimist is sure of it!
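
The reply above attributes easy cracks to simple passwords that others can guess systematically. As an added example (not part of the original post), here is a check a password-change program could run to reject such choices up front; the function names, the tiny word list and the substitution table are constructed for illustration.

```python
# Added example: proactive password check. All names and sample data are constructed.

# Constructed sample word list; a real deployment would load a full dictionary.
COMMON_WORDS = {"password", "wizard", "secret", "dragon", "letmein", "qwerty", "unix"}

# Character substitutions that a systematic guesser undoes as a matter of course.
LEET = str.maketrans("0134578@$!", "oieastbasi")

# Digits and symbols commonly tacked onto the front or back of a word.
AFFIX = "0123456789!@#$%^&*"


def candidates(password):
    """Return the normalized forms of `password` that simple guessing rules cover."""
    w = password.lower()
    forms = set()
    for base in {w, w.strip(AFFIX)}:          # with and without digit/symbol affixes
        plain = base.translate(LEET)          # undo 0->o, 3->e, @->a, ...
        forms |= {base, base[::-1], plain, plain[::-1]}
    return forms


def weak_reasons(password, username, fullname=""):
    """Return the reasons `password` is guessable; an empty list means none found."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    # Account name plus each part of the real name (initials are skipped).
    personal = {username.lower()} | {p.lower() for p in fullname.split() if len(p) > 2}
    forms = candidates(password)
    if forms & personal:
        reasons.append("derived from account or real name")
    if forms & COMMON_WORDS:
        reasons.append("derived from a dictionary word")
    if len(set(password.lower())) <= 2:
        reasons.append("repeats one or two characters")
    return reasons


if __name__ == "__main__":
    # Constructed sample accounts and password choices.
    for pw in ("wizard1", "Passw0rd!", "dleifraw99", "tG7#qLw2!xRe"):
        print(pw, "->", weak_reasons(pw, "mhw", "Michael H. Warfield") or "no rule matched")
```

An empty result only means none of these rules matched; it says nothing about resistance to the brute force approach the reply also mentions.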


