Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!sun-barr!texsun!jthomp@hemaneh.Central.Sun.COM
From: jthomp@hemaneh.Central.Sun.COM (Jim Thompson Sun Dallas IR)
Newsgroups: comp.unix.wizards
Subject: Re: PASSWORD GUESSING (is trivial)
Message-ID: <712@texsun.Central.Sun.COM>
Date: 24 Aug 89 04:43:29 GMT
References: <1919@aucs.UUCP> <737@rwing.UUCP> <1043@accuvax.nwu.edu> <3532@internal.Apple.COM> <3126@rti.UUCP> <24888@prls.UUCP> <36830@bu-cs.BU.EDU> <16924@rpp386.Dallas.TX.US> <25094@prls.UUCP> <2420@letni.UUCP>
Sender: news@texsun.Central.Sun.COM
Reply-To: jthomp@hemaneh.Central.Sun.COM (Jim Thompson Sun Dallas IR)
Organization: Sun Microsystems Inc. - Dallas, TX
Lines: 31

> and a reasonably fast crypt() a person could *EASILY*, with a brute force
> approach, crack passwords without any major difficulty.

> tasks.

> Now if someone has a real parallel machine or a C2 I could borrow I'd
> be glad to generate some statistics with some real computing power.. ;-)

I don't know if Doug meant 'Cray 2', 'Convex C2', or something else here.
What I do know is that crypt is fairly vectorizable, and will fall to the
Convex vector 'C' compiler as is. (Ok, so you take out the obvious
slowdowns..) VC *loves* array references.

Anyway, it turns out that you can do some blazingly huge number of
(en)cryptions/sec on a Convex C1, (2000-2500).

At Convex, we had a password daemon that would fire up once per night, and
guess 'obvious' passwords, ("convex", login name, common obscenities,
/usr/dict/words, etc.) If it found that you had a naughty password, it would
send you a nastygram via email asking you to change your password.

A 4-headed C2 would be just plain wicked on this problem. (Since you get
4 vector units all chugging at the problem.)

Also, remember that when the Internet worm strode forth last Nov, it was
as interested in 'ordinary Joe' passwords as others. It 'used' the
information gained about your password on 'this' system to attempt gaining
access to 'that' system.

Moral? Don't keep the same password on all your accounts. (But you knew
that, right?)

Jim Thompson - Network Engineering - Sun Microsystems - jthomp@central.sun.com
Member of the Fatalistic International Society for Hedonistic Youth (FISHY)
"I wouldn't recommend sex, drugs, or unix for everyone, but they work for me."
 - Me (paraphrasing Hunter S. Thompson)
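
Added example, not part of the original post and not Convex's daemon: a Python sketch that applies the post's categories of 'obvious' passwords (site name, login name, dictionary words) as a check at password-change time instead of nightly guessing against stored hashes. The function names, the sample word sets, and the extra variants (reversal, stripped digits and punctuation, full-name parts) are assumptions made for illustration.

```python
"""Reject 'obvious' passwords when they are set (added example)."""
import re

# Constructed sample data; a real deployment would load /usr/dict/words
# and a site-maintained list instead of these small sets.
SITE_WORDS = {"convex"}  # site or company name, as in the post
DICTIONARY = {"wizard", "password", "secret", "dragon"}  # stand-in wordlist


def _normalize(word):
    """Lower-case and strip leading/trailing digits and punctuation,
    so that 'Convex1!' is treated as 'convex'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", word.lower())


def account_words(login, gecos=""):
    """Words tied to the account: login name plus each part of the full name."""
    parts = re.split(r"[^A-Za-z]+", gecos)
    return {w.lower() for w in [login, *parts] if w}


def obvious_reason(password, login, gecos=""):
    """Return why the password counts as obvious, or None if it passes."""
    core = _normalize(password)
    if not core:
        return "no letters"
    # Also test the reversed form, a common trivial disguise (assumption).
    candidates = {core, core[::-1]}
    for label, words in (("account name", account_words(login, gecos)),
                         ("site name", SITE_WORDS),
                         ("dictionary word", DICTIONARY)):
        if candidates & words:
            return label
    return None


if __name__ == "__main__":
    # Constructed sample inputs for the account 'jthomp'.
    for pw in ("Convex1!", "Thompson89", "dragon", "tr0ub4dor-kite-Lamp"):
        print(pw, "->", obvious_reason(pw, "jthomp", "Jim Thompson"))
```

Checking at change time means the weak password is never stored, so nothing has to be guessed against the hash file afterwards.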