passwords

William Deakin willd at pindar.com
Thu Mar 23 10:52:02 GMT 2000


Jerome Alet wrote:

> AFAIK it's only possible to do a brute force attack on these passwords:
> encrypt all possible character combinations and compare the encrypted
> strings: that's very long, and generally considered impossible or near
> impossible (depending on the number of characters possible and the
> encryption algorithm)

Well, thinking about it some more, I probably was hasty and wrong. And yes, what
I was talking about was a brute force attack. The details of what I was thinking
about are hazy (it's been a while) and based on cracker, a piece of software
written by Alan Parfitt, and on the crypt encryption algorithm. I should add
that this was carried out with the knowledge (blessing even) of the sysadmin.
This was not an attempt to hack the system, but to look at password security.

As I remember, under AIX and Linux (the only two OS that I tried this on) the
encryption key is (was?) stored in the shadow/passwd file, substantially
reducing the amount of calculation required (IIRC the key was the last two bytes
of the password string). Most people pick really lousy passwords so that using
the key and permuting a dictionary (using Mr Parfitt's program) gets a lot of
passwords.

When I tried this on an RS6000 under AIX and on a P75 running Linux I found
that I could get 93 out of 108 passwords (this was about 5 years ago on old
AIX and Linux: the crypt algorithm may have changed, and so on). From my hazy
memory the crack took about 2 and 4 hours on the Linux box and the heavily used
RS6000 box (40 concurrent users developing code plus an Informix database).
Included in this was the root password.

Best Regards,

Will
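
The message above describes crypt hashes that could be read from the passwd/shadow file and recovered with a dictionary. The following audit is an added example, not part of the original post: it checks passwd/shadow-format lines for that exposure (hashes in a world-readable file, legacy hash schemes, empty passwords). The function names, the choice of which schemes count as legacy, and the sample lines are assumptions made for illustration; the sample hashes are constructed placeholders.

```python
import re

# Modular-crypt prefixes ($id$...) mapped to scheme names.
MCF = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
       "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
LEGACY = {"des-crypt", "md5crypt"}  # assumption: policy for this example
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional crypt(3) output

def classify(field):
    """Name the scheme used in a passwd/shadow password field."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"          # hash lives in the shadow file
    if field.startswith(("!", "*")):
        return "locked"
    if field.startswith("$"):
        parts = field.split("$")
        return MCF.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    return "des-crypt" if DES_RE.match(field) else "unknown"

def audit(lines, world_readable):
    """Return (user, finding) pairs for one file's lines."""
    findings = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        user, scheme = fields[0], classify(fields[1])
        if scheme == "empty":
            findings.append((user, "no password set"))
        elif scheme in LEGACY:
            findings.append((user, f"legacy {scheme} hash"))
        elif scheme == "unknown":
            findings.append((user, "unrecognised hash format"))
        if world_readable and scheme not in ("shadowed", "locked", "empty"):
            findings.append((user, "hash exposed in world-readable file"))
    return findings

# Constructed sample input; the hash strings are placeholders, not real hashes.
SAMPLE_PASSWD = ["root:zzPLACEHOLDER:0:0:root:/root:/bin/sh",
                 "alice:x:1000:1000::/home/alice:/bin/sh",
                 "guest::1001:1001::/home/guest:/bin/sh"]
SAMPLE_SHADOW = ["alice:$6$constructedsalt$PLACEHOLDERHASH:19000:0:99999:7:::",
                 "bob:$1$constructed$PLACEHOLDER:19000:0:99999:7:::",
                 "daemon:*:19000:0:99999:7:::"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, True) + audit(SAMPLE_SHADOW, False):
        print(*finding, sep=": ")
```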


