Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack


From: alan () manawatu planet org nz (Alan Brown)
Date: Tue, 4 Jun 1996 16:21:17 +1200


On Mon, 3 Jun 1996, Brett L. Hawn wrote:

> You can lead a user to a good password but you can only make them use it for
> so long.

What about a fascist passwd program which refers to a dictionary and
rejects "easy" passwords? Does such an animal exist?

> Not to mention anyone with the time and desire can create a fairly
> nifty 'dictfile' like I did a few years back. All it takes is some simple
> brain power and a LOT of disk space, a quick file that prints all variations
> of 5-8 character length combinations to a file. I stopped mine at 238megs and
> it was still going strong.

I think this one comes under the heading of "brute force attack" - just
with alphanumerics (a-z,A-Z,0-9) you're looking at needing 62^8 entries
for a complete set of 8 character passwords. It's probably faster to try
and decrypt the passwd file entry directly.

AB
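
The dictionary-checking passwd front end asked about above, sketched as an added example (it is not part of the original post and not taken from any existing passwd program). The word list, the length policy and all function names are constructed for illustration.

```python
import string

# Constructed sample word list; a real deployment would load a large
# dictionary file instead (its location is site-specific).
SAMPLE_WORDS = {"password", "planet", "dragon", "secret", "monkey"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")

MIN_LENGTH = 6  # hypothetical site policy


def candidate_roots(password):
    """Yield the simple transformations a guessing program would also try."""
    lowered = password.lower()
    # Drop digits/punctuation padded onto either end ("dragon99", "!secret").
    stripped = lowered.strip(string.digits + string.punctuation)
    for form in (lowered, stripped):
        for variant in (form, form.translate(LEET)):
            yield variant
            yield variant[::-1]                      # reversed word
            half = len(variant) // 2
            if len(variant) % 2 == 0 and variant[:half] == variant[half:]:
                yield variant[:half]                 # doubled word


def reject_reason(password, words=SAMPLE_WORDS, username=""):
    """Return why the password is refused, or None if it is accepted."""
    if len(password) < MIN_LENGTH:
        return "too short"
    classes = [any(c in s for c in password) for s in
               (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)]
    if sum(classes) < 2:
        return "only one character class"
    for root in candidate_roots(password):
        if root and (root in words or root == username.lower()):
            return "based on dictionary word or username: " + root
    return None
```

A passwd wrapper would call `reject_reason()` on the proposed new password and refuse the change whenever it returns a string.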


