andre@targon.UUCP (andre) (07/13/89)
Dear wizards,

I am one of three system administrators on this site (targon) and we are going to put our machine in a (small) local network. I think now is the time to check the passwords of our users on fidelity. I was thinking about running a program each night checking passwords on the system (by guessing or something like that) and warning users who choose too simple passwords.

If there are programs out there that could help us out on this and if you are willing to mail me the source, please mail me at andre@targon and I will reply as root to show you that I am really a system administrator here. (The reason I don't post this as root is that root's mail is sent on to more than one person here.)

Thanks in Advance, Andre

\---| AAA DDDD It's not the kill, but the thrill of the chase.
\ | AA AAvv vvDD DD Ketchup is a vegetable.
/\ \ | AAAAAAAvv vvDD DD {nixbur|nixtor}!adalen.via
_/__\__\| AAA AAAvvvDDDDDD Andre van Dalen, uunet!hp4nl!targon!andre
ccel@community-chest.uucp (CCEL) (07/16/89)
In article <576@targon.UUCP> andre@targon.UUCP (andre) writes:
> ... I was thinking
>about running a program each night checking passwords on the system
>(by guessing or something like that) and warning users who choose too
>simple passwords.

I have the source to a program that a friend of mine wrote to hack the passwords in a unix system (I'm posting this in case anyone else is interested). It uses the crypt() function, which is also used by the passwd utilities. The workings of crypt are various and sundry, and unfortunately very very slow.

The program works by reading in the "salt" (two 6-bit words) for a user from the password file. This is the encryption key for the passwd, out of 64 possible. It then grabs words from the dictionary (I used the dictionary just because it's a big list of a lot of words; you could probably make your own list of common passwords or whatnot), encrypts a word using the same salt, and compares it to the password. It reports any match(es).

Like I mentioned, this is horribly slow, even with one user on a fast system it might take hours to find a match. But that is with a list of 24000 words. I'll e-mail you the source and maybe you can find a way to play with it to speed it up.

If anyone else is interested, just drop me a note and I'll give you a copy.

-------------------------------------------------------------------------
Randy Tidd
ccel@community-chest.UUCP
rtidd@mitre.arpa
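The nightly audit loop described in the post above, as an added example for an administrator checking their own password file; it is not the program Randy offers to mail. It goes one step beyond the post by grouping accounts by salt so each word is hashed once per distinct salt rather than once per user. Assumptions: `toy_crypt` is a hypothetical SHA-256 stand-in that only mimics the "2-character salt + 11-character hash" layout and is not DES crypt(3); `audit`, the sample passwd lines and the word list are constructed for the example.

```python
import hashlib
from collections import defaultdict

def toy_crypt(word, salt):
    """Stand-in hash (assumption): NOT crypt(3), only the same field layout."""
    digest = hashlib.sha256((salt + word).encode()).hexdigest()
    return salt + digest[:11]

# Constructed sample in passwd layout: name:hash:uid:gid:gecos:home:shell
SAMPLE_PASSWD = "\n".join([
    "alice:" + toy_crypt("wizard", "ab") + ":101:10:Alice:/u/alice:/bin/sh",
    "bob:" + toy_crypt("x9$Tq!lm", "ab") + ":102:10:Bob:/u/bob:/bin/sh",
    "carol:" + toy_crypt("ketchup", "Qz") + ":103:10:Carol:/u/carol:/bin/sh",
    "uucp:*:5:5:UUCP:/usr/spool/uucp:/bin/false",  # locked account
    "guest::200:20:Guest:/u/guest:/bin/sh",        # empty password field
])
SAMPLE_WORDS = ["password", "wizard", "ketchup", "targon"]  # constructed list

def audit(passwd_text, words, hash_fn=toy_crypt):
    """Return (users_to_warn, users_with_empty_password, hashes_computed)."""
    by_salt = defaultdict(dict)  # salt -> {stored_hash: [user, ...]}
    empty = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line, nothing to check
        user, stored = fields[0], fields[1]
        if stored == "":
            empty.append(user)  # no password at all: report separately
        elif len(stored) == 13:  # 2-char salt followed by 11-char hash
            by_salt[stored[:2]].setdefault(stored, []).append(user)
        # anything else ("*", "!", ...) is a locked entry and is skipped
    warn, computed = set(), 0
    for salt, hashes in by_salt.items():
        for word in words:
            computed += 1  # one hash serves every user sharing this salt
            warn.update(hashes.get(hash_fn(word, salt), []))
    # Only user names are returned; the matching word is never recorded.
    return sorted(warn), sorted(empty), computed

if __name__ == "__main__":
    weak, empty, cost = audit(SAMPLE_PASSWD, SAMPLE_WORDS)
    print("warn:", weak, "empty:", empty, "hashes computed:", cost)
```

On the sample, three hashed accounts and four words cost 8 hash computations instead of 12, because two accounts share a salt.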