Re: Unix links subverting Web security
--------
Jeffrey Russell Horner <jhorner@cs.utk.edu> writes:
% What can you glean from a passwd file?
%
% Surely no one has cracked crypt()...
By testing against a dictionary with "common" variations, current
machines can do more than 100,000 probes per second. That means
that you can exhaustively test all common names and variations in
a day or so.... And a full exhaustive search of the current
password is on the order of a month or two of compute time
with current systems....

Giving away a password, even encrypted, is a big issue.

We crack our own password file on a regular basis as a way
to keep the guessable passwords to a minimum....
John Sechrest . Helping people use
Executive Director . computers and Internet
Computer Science Outreach . more effectively
303 Dearborn Hall .
Oregon State University . Internet: sechrest@cs.orst.edu
Corvallis Oregon 97331 . (503) 737-5562
. http://www.csos.orst.edu/