jpb@umbio.med.miami.edu (jpb) (03/27/91)
In article <1991Mar26.163720.28379@en.ecn.purdue.edu> kidder@en.ecn.purdue.edu (Mark Stephen Kidder) writes: >In article <1991Mar26.015635.23103@mintaka.lcs.mit.edu> rjc@geech.gnu.ai.mit.edu (Ray Cromwell) writes: > >>couple of minutes of guessing is all that is needed. New students >>just receiving accounts choose easy passwords. For instance, at my >>local college here, I found that 50% of the passwords in the /etc/passwd >>file were either the user's name, or his name spelled backwards, or >>'pass', 'passwd', and 'password.' >> Blaming the FSF for password 'crackers' isn't right. If the FSF machines >>were removed from the net it wouldn't stop hacking at all. In fact, once >>a hacker gains access to a machine (through a unsecure student account) >>he can download the password file and crack it on his pc at home. > ^--- Not very bloody likely since >even the most sophisticated hacker couldn't break the DES encoding method >used. This fact is rather obvious since there is no decoding algorithm for >password encryption on UNIX (or any of it's cousins, i.e. DYNIX). UNIX-like >systems ask for the password when you log in. Encrypt it and compare the >one you gave to the one stored at your login pointer in /etc/passwd. If >the two encrypted password are identical you're in. And no, the odds of >two different passwords having the same encryption word is astronomical. Surprise. The technique is not to try and crack DES, but to apply the same algorithm to a dictionary file, and then compare the output to the target login's password field. If you're on another unix system, this can be fairly trivial, especially if you have access to a machine with a source license. If you're feeling sophisticated, you maintain a file containing all the successful strikes you've ever had, and use it first before going to a large dictionary or (shudder) methodical generation of words. Joe -- Joe Block (jpb@umbio.med.miami.edu) "Never send a monster to do the work of an evil genius."
kidder@en.ecn.purdue.edu (Mark Stephen Kidder) (03/27/91)
OK! For everybody that wants to know and even those who don't, probably
every possible idea of cracking accounts has been put into play. I
have received mail from about 20 different people saying the say thing:
test with the dictionary method. I totally agree that this method is
not only easy to do, but will work in most cases, provided that the
user uses real words (as pointed out by many others, new users do) instead
of complex passwords consisting of both cases, symbols, and numbers.
Have a nice day!
Mark
PS I learned earlier from another that UNIX does not use a DES
encryption method for the password; however, a one-way method
is used making decoding a password impossible.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Mark Stephen Kidder | Soon it will be time. | Life in a Northern Town
kidder@en.ecn.purdue.edu | Are you ready? | Remembrance Days
| | A Different Kind of Weatherpjnesser@mbunix.mitre.org (Nesser) (03/27/91)
Someone in this thread pointed out that the way to crack passwords is to maintain a list of encrypted dictionary words and compare against that. I just want to point out that this is an amazingly expensive way to do it since you have to keep 4096 strings for each word. Disk space is getting cheaper but ... It's not that I've figured out a great way to do it myself but ... :-) -- ---> Philip J. Nesser Member of the Technical Staff The MITRE Corporation ARPA: pjnesser@mbunix.mitre.org UUCP: ...!mit-eddie!pjnesser
auvsaff@auvc8.tamu.edu (David Safford) (03/27/91)
In article <1991Mar27.094325.24599@en.ecn.purdue.edu>, kidder@en.ecn.purdue.edu (Mark Stephen Kidder) writes: |>PS I learned earlier from another that UNIX does not use a DES |> encryption method for the password; however, a one-way method |> is used making decoding a password impossible. |> Well, sort of true. To be precise, Unix password encryption is done with 25 repetitions of a very slightly modified DES routine. The 25 repetitions are done to slow down hacking attempts, such as with dictionary based programs. This repetition makes a single dictionary pass take minutes, rather than seconds, which does help. The modification to DES is rather minor - the DES E (expansion) table is scrambled in one of 4096 ways, based on a random 2 character salt. The rationale for this minor modification was to prevent use of DES hardware for password attacks. The bottom line is that crypt differs from DES only slightly, but enough to slow down hacking a bit.
dvk@sei.cmu.edu (Daniel Klein) (03/27/91)
At the recent USENIX Security Workshop in Portland, I published a report on cracking. From a sample set of 13,797 accounts, I was able to crack 3340 using the dictionary method (that's 24.2%). I did a lot more than just look in /usr/dict/words, but the fact remains that if you use *any* kind of word as your password, it can be cracked. If you'd like to read the paper (replete with lots of interesting statistics), the full citation is: "`Foiling the Cracker': A Survey of, and Improvements to, Password Security", Proceedings of the USENIX Association UNIX Security II Workshop, Portland, Oregon, August 27-28, 1990 (or I can send you troff source or Postscript). -- ============ -- =========== -- =========== -- =========== -- =========== -- "The only thing that separates us from the animals is superstition and mindless rituals". Daniel Klein CMU-SEI +1 412/268-7791 dvk@sei.cmu.edu
mjr@hussar.dco.dec.com (Marcus J. Ranum) (03/28/91)
jpb@umbio.med.miami.edu (jpb) writes: >Surprise. The technique is not to try and crack DES, but to apply the same >algorithm to a dictionary file, [...] >[...] If you're feeling sophisticated, you maintain a If you're feeling "sophisticated" you won't even try a dictionary attack. Quelle gaucherie!! This dictionary-attack newbie stuff is about IBM-PC BBS-weenie level. Sure, it works, but it's nauseatingly amateurish. mjr.
n138ct@tamuts.tamu.edu (Brent Burton) (03/28/91)
In article <1991Mar27.173046.29751@decuac.dec.com> mjr@hussar.dco.dec.com (Marcus J. Ranum) writes: > If you're feeling "sophisticated" you won't even try a dictionary >attack. Quelle gaucherie!! > > This dictionary-attack newbie stuff is about IBM-PC BBS-weenie >level. Sure, it works, but it's nauseatingly amateurish. I thought this was a ridiculous statement. Sure, it might be a very straight- forward easy-to-understand method, but obviously it works. I don't think it'd be such a popular method if it didn't work. I'm not interested in cracking into systems, but if I was, I know that I'd try the easiest way to do this. I certainly WOULD NOT spend time researching an O(xx) cracking algorithm to do this. I imagine some dedicated cracker would. +----------------------+--------------------------+ | Brent P. Burton | n138ct@tamuts.tamu.edu | | Texas A&M University | Computer Science/Physics | +----------------------+--------------------------+
sean@coombs.anu.edu.au (Sean Batt) (03/28/91)
pjnesser@mbunix.mitre.org (Nesser) writes: > Someone in this thread pointed out that the way to crack passwords > is to maintain a list of encrypted dictionary words and compare > against that. I use this technique from time to time to make sure the users on my machine are choosing reasonable passwords. If you choose something easy around here, you'll get a non-email letter with a paper on the "right way" to choose passwords. Unfortunately, some of my users choose the obviously difficult to crack passwords that are suggested in the paper! How many of my users have "IXdKKasPDd" as their password? (IE After "In Xanadu did Kubla Kahn a stately Pleasure Dome decree"). > I just want to point out that this is an amazingly expensive way to > do it since you have to keep 4096 strings for each word. Disk space > is getting cheaper but ... It's not that I've figured out a great > way to do it myself but ... :-) Ahh! Well I keep mine on ten 2.3GByte Exabyte tapes. Indexed by salt for example. On my machine with 500 users we have 411 distinct salt values. That certainly cuts down the search space. Of course for my application its only necessary to record the encrypted value as we're not interested in exactly what the password was, just the fact that it could be {cr,h}acked. I'm not going to make my tapes available to anyone else I'm afraid. Sean -- ------------- Sean Sebastian Batt - sean@coombs.anu.edu.au -------- .______. -------- Coombs Computing Section - Telephone: +61 6 249 3296 ----- | Damn |\ -- Australian National University - GPO Box 4 Canberra City 2601 -- | Fine |/ ------------------------------------------------------------------- `------'
seanp@amix.commodore.com (Sean Petty) (03/28/91)
mjr@hussar.dco.dec.com (Marcus J. Ranum) writes: > jpb@umbio.med.miami.edu (jpb) writes: > > >Surprise. The technique is not to try and crack DES, but to apply the same > >algorithm to a dictionary file, [...] > >[...] If you're feeling sophisticated, you maintain a > > If you're feeling "sophisticated" you won't even try a dictionary > attack. Quelle gaucherie!! > > This dictionary-attack newbie stuff is about IBM-PC BBS-weenie > level. Sure, it works, but it's nauseatingly amateurish. ^^^^^^^^ That's all that counts in that game. Sean ---- Sean Petty |INTERNET: undrground!seanp@amix.commodore.com | UUCP: uunet!cbmvax!amix!undrground!seanp "In order to make anything from | ICBM: 39.58.1' North 75.61.1' West scratch, you must first create | 50/50: seanp@undrground.UUCP the universe." - Carl Sagan | seanp@amix.commodore.com
jpb@umbio.med.miami.edu (jpb) (03/29/91)
In article <1991Mar27.173046.29751@decuac.dec.com> mjr@hussar.dco.dec.com (Marcus J. Ranum) writes: >jpb@umbio.med.miami.edu (jpb) writes: > >>Surprise. The technique is not to try and crack DES, but to apply the same >>algorithm to a dictionary file, [...] >>[...] If you're feeling sophisticated, you maintain a > > If you're feeling "sophisticated" you won't even try a dictionary >attack. Quelle gaucherie!! > > This dictionary-attack newbie stuff is about IBM-PC BBS-weenie >level. Sure, it works, but it's nauseatingly amateurish. I should have said efficient rather than sophisticated. It may be IBM-PC BBS-weenie level, but it works well on most sites, especially .edu ones. Joe -- Joe Block (jpb@umbio.med.miami.edu) "Never send a monster to do the work of an evil genius."
pkr@sgi.com (Phil Ronzone) (04/02/91)
In article <PJNESSER.91Mar27142853@mbunix.mitre.org> pjnesser@mbunix.mitre.org (Nesser) writes: >Someone in this thread pointed out that the way to crack passwords is to >maintain a list of encrypted dictionary words and compare against that. I >just want to point out that this is an amazingly expensive way to do it >since you have to keep 4096 strings for each word. Disk space is getting >cheaper but ... It's not that I've figured out a great way to do it myself >but ... :-) Well, assuming 100,000 words of 13 characters each, for each of 4096 possibilities, that gives us 5,324,800,000 bytes. Now, with the 750MB and 1.2G 5.25" disk drives around, I'd probably have to have several of the drives, OR, maybe use a smaller dictionary. 100,000 words is a LOT of words ..... -- Philip K. Ronzone S e c u r e U N I X pkr@sgi.com Silicon Graphics, Inc. MS 9U-500 work (415) 335-1511 2011 N. Shoreline Blvd., Mountain View, CA 94039 fax (415) 969-2314 ...................................."Why, you little ........", Homer Simpson
rodney@sun.ipl.rpi.edu (Rodney Peck II) (04/02/91)
In article <1991Apr1.173824.20323@odin.corp.sgi.com> pkr@sgi.com (Phil Ronzone) writes: >In article <PJNESSER.91Mar27142853@mbunix.mitre.org> pjnesser@mbunix.mitre.org (Nesser) writes: >>Someone in this thread pointed out that the way to crack passwords is to >>maintain a list of encrypted dictionary words and compare against that. I >>just want to point out that this is an amazingly expensive way to do it >>since you have to keep 4096 strings for each word. Disk space is getting >>cheaper but ... It's not that I've figured out a great way to do it myself >>but ... :-) > > >Well, assuming 100,000 words of 13 characters each, for each of 4096 >possibilities, that gives us 5,324,800,000 bytes. Now, with the >750MB and 1.2G 5.25" disk drives around, I'd probably have to have >several of the drives, OR, maybe use a smaller dictionary. or three exabyte tapes with indexing thrown into the extra 700 meg left over. cost to you from your local photo/camera shop: $7.00 per 2 gigabytes. >100,000 words is a LOT of words ..... not really. -- Rodney
banshee@ucscb.UCSC.EDU (Wailin' Through The Nets) (04/02/91)
I seem to recall pkr@sgi.com (Phil Ronzone) saying: > >Well, assuming 100,000 words of 13 characters each, for each of 4096 >possibilities, that gives us 5,324,800,000 bytes. Now, with the >750MB and 1.2G 5.25" disk drives around, I'd probably have to have >several of the drives, OR, maybe use a smaller dictionary. > >100,000 words is a LOT of words ..... > Don't be silly. Talk about 25000 words x 4096 permutations x 13 bytes. That gives you 1.3 x 10^9 bytes. Now figure this is all ascii and you can expect at least 50% compression ratios. So say 6.6 x 10^8 bytes. That'll fit on my gigabyte drive with room to spare. Wanna tell me that the NSA _doesn't_ have this kind of thing precomputed? -- The Wailer at the Gates of Dawn | johnv@metaware.com | #include <vomit.h> | uunet!metaware!johnv | void puke(struct dinner *p) { free(p); } | banshee@ucsc{b,f}.UCSC.EDU | 2,3,5,7,13,17,19,31,61,89,107,127,521,607....| banshee@ucsc{b,f}.BITNET |
dougs@baldwin.WV.TEK.COM (Doug Schwartz;685-2700;61-252;Baldwin) (04/02/91)
In article <m2#grfk@rpi.edu> rodney@sun.ipl.rpi.edu (Rodney Peck II) writes: >In article <1991Apr1.173824.20323@odin.corp.sgi.com> pkr@sgi.com (Phil Ronzone) writes: >>In article <PJNESSER.91Mar27142853@mbunix.mitre.org> pjnesser@mbunix.mitre.org (Nesser) writes: /* Deleted suggestion to save encrypted dictionary */ >>possibilities, that gives us 5,324,800,000 bytes. Now, with the ... >or three exabyte tapes with indexing thrown into the extra 700 meg left over. WORM -- Doug Schwartz dougs@orca.wv.tek.com Tektronix Wilsonville, OR
mitch@hq.af.mil (Mitch Wright) (04/04/91)
/* * In article <1991Apr1.173824.20323@odin.corp.sgi.com> * pkr@sgi.com (Phil Ronzone) writes: * */ pjnesser@mbunix.mitre.org (Nesser) writes: >>Someone in this thread pointed out that the way to crack passwords is to >>maintain a list of encrypted dictionary words and compare against that. I >>just want to point out that this is an amazingly expensive way to do it >>since you have to keep 4096 strings for each word. Disk space is getting >>cheaper but ... It's not that I've figured out a great way to do it myself >>but ... :-) >Well, assuming 100,000 words of 13 characters each, for each of 4096 >possibilities, that gives us 5,324,800,000 bytes. Now, with the >750MB and 1.2G 5.25" disk drives around, I'd probably have to have >several of the drives, OR, maybe use a smaller dictionary. > >100,000 words is a LOT of words ..... > Though the number is still quite large, you really only need 11 characters each, since it is trivial to know which salt grouping you are looking at. Therefore, we are looking at saving: 5,324,800,000 100,000 x 11 x 4096 = 4,505,600,000 ------------- 819,200,000 bytes There are other techniques that will allow even further compression of the data. You can easily store this on a few 8mm tapes and your off and running. -- ~mitch _______________________________________________________________________________ mitch@hq.af.mil (Mitch Wright) | The Pentagon, 1B1046 | (703) 695-0262 _______________________________________________________________________________