Jacques_Gelinas@CMR001.BITNET (06/29/90)
In a recent posting, I wrote, at the end of my msg:

> (By the way, if you trust the standard Unix password encryption
> and have not heard of the Cryptbreaker workbench, you are just
> like this RMC ADP director, hiding your head in the sand (:-))

This was intended as a joke, but my lack of mastery of the English (hum American) language and an error got in the way.

1. When our local expert on encryption heard of this set of tools, he said "We should not put that into everybody's hands" and my answer was "Everybody but you has it already".

2. I do not know enough about cbw (obviously, see below) to cause you to be alarmed by my remarks. What follows is, however, from the author of cbw:

-----------------------
The Crypt Breakers' Workbench (CBW) is an interactive multi-window system for mounting a cipher-text only attack on a file encrypted by the Unix crypt command. CBW is a workbench in the sense that it provides the user with an integrated set of tools that simplify the initial, middle and final portions of the decryption process. A user interacts with the workbench by choosing tools and setting parameters. CBW carries out the work and displays the results. A moderately experienced user of CBW can easily decrypt both long and short messages when bigram statistics are known for the message space. The basic cryptanalytic techniques used by CBW are described in a paper by Reeds and Weinberger that appeared in the October 1984 issue of the ATT Bell Laboratories Technical Journal. This manual explains the capabilities and operating procedures of CBW.

.....................

One goal of releasing CBW is to discourage people from using the Unix crypt command for sensitive information. Crypt was never intended to be a highly secure cipher. Its primary advantage has been its speed, which made it suitable for integration into a wide range of application programs.
The CBW program simply points out how easy the cipher is to break using the ideas described by Reeds and Weinberger in the October 1984 issue of the ATT Bell Labs Technical Journal. As those authors suggested, if you must use crypt, you should run compress on the file before encrypting it.

.........

This directory contains the source, documentation, and auxiliary files for the Crypt Breakers Workbench (cbw). CBW is a multi-window integrated workbench of tools that help a cryptanalyst read files encrypted with the BSD4.2 crypt command. Anyone may copy, modify, use, or redistribute this system. It was originally written by Robert W. Baldwin at MIT.
----------------------------

3. Finally, this msg corrects my obvious error.

> Date: Thu, 28 Jun 90 07:57:26 -0700
> From: Larry Setlow <pjt@cpac.washington.edu>
> Message-Id: <9006281457.AA11734@bailey.cpac.washington.edu>
>
> The password encryption has nothing to do with the Crypt Breaker's
> Workbench that I know about; cbw is for the crypt(1) command, which
> uses a single-rotor Enigma-like machine. The passwords are used as
> keys to repeatedly encrypt a constant string using a modified DES. If
> anybody knows a better way than a brute-force dictionary search to
> "decrypt" UNIX passwords, they're not telling.
>

4. I feel somewhat reassured that many knowledgeable users of Apollos are so concerned with security.
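
Added example, not part of the original post or of CBW: a short Python check of the advice quoted above to run compress on a file before encrypting it with crypt. It measures the byte and bigram redundancy of a sample text before and after compression; zlib is an assumption standing in for compress(1), and the function names and sample text are constructed for illustration.

```python
import zlib
from collections import Counter

# Constructed sample: sentences taken from the CBW description quoted above.
SAMPLE = (
    b"The Crypt Breakers' Workbench (CBW) is an interactive multi-window "
    b"system for mounting a cipher-text only attack on a file encrypted "
    b"by the Unix crypt command. A user interacts with the workbench by "
    b"choosing tools and setting parameters. CBW carries out the work "
    b"and displays the results. One goal of releasing CBW is to "
    b"discourage people from using the Unix crypt command for sensitive "
    b"information. Crypt was never intended to be a highly secure cipher."
)


def index_of_coincidence(data: bytes, n: int = 1) -> float:
    """Chance that two n-grams picked at random from data are identical.

    Natural-language text scores far above the uniform baseline
    (1/256 for single bytes, 1/65536 for bigrams); that gap is the
    redundancy in the message space that known bigram statistics describe.
    """
    grams = [data[i:i + n] for i in range(len(data) - n + 1)]
    total = len(grams)
    if total < 2:
        raise ValueError("need at least two n-grams")
    repeats = sum(c * (c - 1) for c in Counter(grams).values())
    return repeats / (total * (total - 1))


def compare(plaintext: bytes) -> dict:
    """IC of byte and bigram distributions, before and after compression."""
    # Assumption: zlib stands in for compress(1); both strip redundancy.
    packed = zlib.compress(plaintext, 9)
    return {
        name: {n: index_of_coincidence(blob, n) for n in (1, 2)}
        for name, blob in (("plaintext", plaintext), ("compressed", packed))
    }


if __name__ == "__main__":
    for name, scores in compare(SAMPLE).items():
        print(f"{name:10s} byte IC={scores[1]:.4f}  bigram IC={scores[2]:.6f}")
```

A flatter distribution removes the bigram signal the quoted description says CBW needs; it does not make the crypt cipher itself any stronger.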