Re: [OFF-TOPIC] Re: [ADMIN] Unix passords and cracking

From: Katzlberger Thomas (cat@vuse.vanderbilt.edu)
Date: 09/20/96


You wrote:
> At 02:13 PM 9/19/96 -0500, you wrote:
> >On Wed, 18 Sep 1996, Ron Hensley wrote:
> >> > and UNIX passwords are _IMPOSSIBLE_ to crack. (I know, you
> >> > have heard
> >> > bullshit I have about someone claiming they can crack them)i.

No. Unix passwords are very vulnerable to attacks from inside.
This means from users already logged into the system, being able
to run programs.

> >encryption on the password in some way. This is definately not
> >possible with passwords in unix. 

You mean decryption.

> >They are indeed uncrackable. But they are absolutely not
> >unguessable. All Crack does is guessing passwords and see if they
> >are the same. Doesn't have much to do with cracking except in the
> >name of the program..

Well, seems we are unclear about the definition of cracking.
However you possibly will not be able to run an algorithm that will
give you the decrypted passwd from the encrypted one, however 
you can try all combinations of unencrypted words put it into the 
crypt function and compare if the encrypted words match ...
With today's computing power we can check quite some possibilities
per second ... 

> yea, that is what I was referring to. decrypting a unix password is
> impossible (even if you know the key word the particuliar unix
> bases it's encryption off of). But people claim to be able too,
> *laugh*. 

No, I don't think anybody claims to have an algorithm to get the
cleartext from the cyphertext without the crack trial and error
procedure.

Cat.+-----------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
|   http://cspo.queensu.ca/~fletcher/Circle/list_faq.html   |
+-----------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/18/00 PST