Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack

From: amerifie () chat carleton ca (Aaron Merifield)
Date: Mon, 3 Jun 1996 12:37:59 EDT


Brett L. Hawn writes:


Given a file full of usernames and the standard 'dict file' one can

Solution:

Implement random delay times, logging, and disconnection within the pop3
daemom



Why not just change the system so that it wont accept a dictionary name as
a valid password.  Six to eight characters and at least 1 or 2 numbers
would make it a little more difficult too.
The main way to crack password files seems to involve using dictionary
files (that you can easily get from the net) and using brute force to
compare the encrypted dictionary words to the encrypted passwords.
Therefore just dont allow dictionary words as passwords.  Although the
number you can still make your own dictionary files of random characters,
the percentage of people that would even bother drops big time, IMO.


---=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=---
Aaron Merifield
Carleton University
Graduated spring-95, B.Sc. Physics.
Department of Computer Mathematics, 3rd yr.
      *=--=-==-=--=-==-=--=-==-=--=-==-=--=-==-=--=-==-=--=-=*
E-MAIL:       Amerifie () chat carleton ca
WEB-PAGE:     http://chat.carleton.ca/~amerifie
---=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=---

Current thread:

Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 01)
- Re: Not so much a bug as a warning of new brute force attack Paul C Leyland (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Christopher X. Candreva (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Richard Ashton (Jun 03)
  - Re: Not so much a bug as a warning of new brute force attack Jeremy D. Zawodny (Jun 03)
  - Reply from the author of popper at Qualcomm Pete Ashdown (Jun 03)
    - Attacks using pop Alan Brown (Jun 03)
    - Re: Attacks using pop simes () tcp co uk (Jun 04)
    - Re: Attacks using pop Alan Brown (Jun 04)
- [linux-alert] Serious Security hole in getpwnam () [Forwarded Jeff Uphoff (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Aaron Merifield (Jun 03)
  - Re: Not so much a bug as a warning of new brute force attack Brett L. Hawn (Jun 03)
    - pop3 daemon with syslog logging Gunnar Ingvi Thorisson (Jun 03)
    - Re: Not so much a bug as a warning of new brute force attack Alan Brown (Jun 03)
    - Re: Not so much a bug as a warning of new brute force attack Brian Davidson (Jun 04)
    - Re: Not so much a bug as a warning of new brute force attack Russell Street (Jun 04)
    - Re: Not so much a bug as a warning of new brute force attack Joe Block (Jun 04)
    - Re: Not so much a bug as a warning of new brute force attack Thayne Forbes (Jun 04)
    - Re: Not so much a bug as a warning of new brute force attack Steve Chew (Jun 04)
    - Re: Not so much a bug as a warning of new brute force attack Shaun Lowry (Jun 04)
    - Re: Not so much a bug as a warning of new brute force attack Valdis.Kletnieks () vt edu (Jun 04)

(Thread continues...)