Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack


From: jco () bbn com (John Orthoefer)
Date: Tue, 4 Jun 1996 14:30:32 -0400


Brian Davidson wrote:
Against multiple accounts, crack has to encrypt each word in the
dictionary with multiple salts (4096, put there to slow down such attacks).
I believe (but could be wrong) that an attack against pop would be
faster.  You can spawn multiple processes, all filling up all the
available bandwidth, and trying to get in.  You don't have to encrypt each
dictionary word even once, let alone 4096 times.

The first thing crack does is make a list of all the salts in the
password file.  Unless you have a password file with at least 4096
passwords in it (realistically it's got to be MUCH larger, since you will
start repeating salts at some point), there is no reason to try all
salts.

This will tell you what all the salts that are used in a password file
are:
        cut -f 2 -d \: /etc/passwd | cut -c 1,2 | sort | uniq -c | more

Then it dishes out 1 word to some large number of child processes,
encrypting the password n times, where n is the number of salts being used
in the target password file.

johno
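
Added example, not part of the original post: a shell function that audits a passwd-format file for the number of distinct salts in use, which is the n crypt operations per dictionary word described above, set against the 4096 possible salts. The function names and sample entries are constructed for illustration, and the hash fields are placeholders, not real crypt output.

```shell
#!/bin/sh
# Summarise salt usage in passwd-format input read from stdin.
# Only traditional 13-character crypt fields are counted; shadowed ("x"),
# locked ("*") and empty password fields carry no salt and are skipped.
salt_stats() {
    awk -F: '
        length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" {
            salt = substr($2, 1, 2)      # first two characters are the salt
            hashed++
            if (!(salt in seen)) { seen[salt] = 1; distinct++ }
            next
        }
        { skipped++ }                    # no usable hash in field 2
        END {
            printf "hashed=%d distinct_salts=%d skipped=%d\n",
                   hashed, distinct, skipped
        }'
}

# Constructed sample input (placeholder hashes, hypothetical accounts).
sample_passwd() {
    cat <<'EOF'
root:abAAAAAAAAAAA:0:0:root:/:/bin/sh
alice:abBBBBBBBBBBB:100:100::/home/alice:/bin/sh
bob:x9CCCCCCCCCCC:101:100::/home/bob:/bin/sh
carol:Q.DDDDDDDDDDD:102:100::/home/carol:/bin/sh
daemon:*:1:1::/:
guest::200:200::/home/guest:/bin/sh
EOF
}

# Four hashed accounts share three salts, so each candidate word costs
# three crypt operations here, not 4096.
sample_passwd | salt_stats
```

A `distinct_salts` value lower than `hashed` means some accounts share a salt, so one crypt operation tests a candidate word against all of them at once.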


