How secure is UNIX?
Dennis Gentry
dennis at bailey.cpac.washington.edu
Tue Jun 12 17:30:47 AEST 1990
In article <1990Jun10.183417.6226 at agate.berkeley.edu> dankg at tornado.Berkeley.EDU (Dan KoGai) writes:
It's not that hard to overcome crypt().
There are no published easy methods of overcoming crypt(). If
you have found one, I would like to help you co-author a paper.
I think my password was well-chosen: It is hardly English or any
other language, with Uppercase and Numbers. My previous one was
very random also. Yet my 10-line (now 20 and can handle even
more complex cases) successfully found it: I didn't use
/usr/dict/words or any sort at all.
Again, I would be extremely surprised if your 20 line program
can successfully find well chosen passwords at any reasonable
rate (say one per year on a fast workstation). Also, it is easy
for a good system administrator to change the original string
being encrypted so that remote password attacks are much more
difficult. Dan, would you be willing to mail me your 20 line
program for analysis? If you are not, I'd still believe you if
you can you find my password. Here is my password entry. (If
any of you besides Dan crack my password, please let me know by
sending e-mail.)
dennis:H3MsMYv9Jed8Y:100:10:Dennis Gentry:/u/dennis:/bin/csh
Thanks,
Dennis
dennis at cs.washington.edu
More information about the Comp.unix.questions
mailing list