Re: Attack on DES paper and CRACK

[rgm3 () is chrysler com (Robert Moskowitz)]

I want to thank everyone that helped me on these.

I got it 'locally' over at Mich State U.  Our security manager was so
pleased with the information in it, that he intends in including the whole
piece as an addendum to a security review paper for the auditors and senior
management (rather than just referencing it).

It was quite an eye opener for him, particularly the appendix on the chip
desire for the DES search chip. :)

I got CRACKERJACK, and once I did, I did not give it to the original
requester, rather to our security people for a tool for them.  Too
dangerous, I can't trust that person to restrict who gets it.

However, I was told:

> I suspect that you don't really need CRACK for this but instead could
> simply use a script that checks the selected password's quality before
> it is encrypted, assuming that I read the application right. A perl
> script to do this is an extended example in the Perl book by Larry
> Wall. You can find the code for all the examples in the book on
> ftp.uu.net, and I believe there is a Perl available for PCs, so that
> would more or less handle the problem for you guys.

But the response on ftp.uu.net is terrible.  I have not found these.  Can
anyone point me to another source of these?

Robert Moskowitz
Chrysler Corporation
(810) 758-8212