[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Users Password
Any sys manager who has a Unix system, vulnurable to brute force attacks
should be shot....as well as the users;-)
-----Original Message-----
From: Meir Litmanovich <meir@xpert.com>
To: Ze'ev Maor <gmaor@techunix.technion.ac.il>
Cc: Ben - Nes Michael <miki@canaan.co.il>; linux-il <linux-il@cs.huji.ac.il>
Date: ÊÅÎ ÝÒÊ 31 ÁÅ×ÅÓÉ 1998 11:00
Subject: Re: Users Password
>> Unix password encryption algorythm is a varient of the DES (Data
Encryption
>> Standard) algorythm + 2 bytes (calles salt) added (in several iteratto
>> make it ireversable (which it is;-)). I.e. you can't "reverse engineer"
>> the passwords from the passwd file....
>>
>I know. But something that maybe you don't know is that
>dictionary-based attacts can be extreme good in case
>you never asked your users to choose good passwords.
>Brute force attacs can also be quite good in case
>you have a lot of processor time.
>You know, "password recovering" programm aare very
>good in parallel processing.
>BTW somebody managed to make "israel-friendly" password
>dictionary for Crack ? There's a lot of users using
>they wife/husband/child name for the password and
>most of those hebrew names aren't in the dictionary ...
>
>Hapy cracking ...
>
>Meir
>
>