Hacking
Daniel Klein
dvk at sei.cmu.edu
Thu Mar 28 01:57:28 AEST 1991
At the recent USENIX Security Workshop in Portland, I published a report on
cracking. From a sample set of 13,797 accounts, I was able to crack 3340
using the dictionary method (that's 24.2%). I did a lot more than just
look in /usr/dict/words, but the fact remains that if you use *any* kind of
word as your password, it can be cracked.
If you'd like to read the paper (replete with lots of interesting statistics),
the full citation is: "`Foiling the Cracker': A Survey of, and Improvements
to, Password Security", Proceedings of the USENIX Association UNIX Security
II Workshop, Portland, Oregon, August 27-28, 1990 (or I can send you troff
source or Postscript).
-- ============ -- =========== -- =========== -- =========== -- =========== --
"The only thing that separates us from the animals is superstition
and mindless rituals". Daniel Klein CMU-SEI +1 412/268-7791
dvk at sei.cmu.edu
More information about the Comp.unix.wizards
mailing list