PASSWORD GUESSING
Jim Frost
madd at bu-cs.BU.EDU
Mon Aug 21 11:46:49 AEST 1989
In article <24888 at prls.UUCP> gordon at prls.UUCP (Gordon Vickers) writes:
| The advice I see most often, and use myself is to simply pick
| two unrelated words that are separated by a symbol, with the entire
| password being seven or eight characters in length. Care to figure
| what the odds are of a hacker breaking it?

Sure. Very good if the hacker has (exclusive) access to a good
parallel machine, or access to several PCs and a good crypt()
implementation.

One of the problems of the UNIX password scheme is that it believes
that you don't have 50+ mips of processing power and a reasonably
efficient crypt(). (In fact I know someone who did a fairly complete
scan of 6-letter passwords using heavy parallelism; this is likely to
become more common as machines get faster.)

Since there are a variety of simple ways to get around this problem
which have been discussed in full on this and other newsgroups, I
won't go into it. Just remember that machine speed is rising quickly
enough for brute-force to be effective.

jim frost
software tool & die
madd at std.com