
Re: Unix links subverting Web security



--------

Jeffrey Russell Horner <jhorner@cs.utk.edu> writes:

 % What can you glean from a passwd file?
 % 
 % Surely no one has cracked crypt()...

By testing against a dictionary with "common" variations, current
machines can do more than 100,000 probes per second. That means
that you can exhaustively test all common names and variations in
a day or so.... And a full exhaustive search of the current
password is on the order of a month or two of compute time
with current systems....

Giving away a password, even encrypted, is a big issue.
We crack our own password file on a regular basis as a way
to keep the guessable passwords to a minimum....





John Sechrest         .         Helping people use
Executive Director      .           computers and Internet
Computer Science Outreach .            more effectively
303 Dearborn Hall            .
Oregon State University         .      Internet: sechrest@cs.orst.edu
Corvallis Oregon 97331               .           (503) 737-5562             
                                            .    http://www.csos.orst.edu/

