Path: utzoo!attcan!uunet!snorkelwacker!bloom-beacon!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX?
Keywords: Security, ftp
Message-ID: <1990Jun13.193151.16426@athena.mit.edu>
Date: 13 Jun 90 19:31:51 GMT
References: <1752@necis <8480@crdgw1.crd.ge.com> <207@rdb1.UUCP>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 17

In article <207@rdb1.UUCP> root@rdb1.UUCP (Robert Barrell) writes:
>     Also, what about the CBW (Crypt-Breaker's Workshop) programs?  I
>believe they are only for entire files that have been encrypted, but
>don't know if they are useful for passwords or not.

  CBW is designed for breaking the encryption on files that were
encrypted using crypt(1).  The crypt program *does not* use DES
encryption, which is what the crypt(3) function uses.  Instead, it
uses "a one-rotor machine designed along the lines of the German
Enigma, but with a 256-element rotor" (that's from the man page).

  In other words, CBW isn't useful for breaking password encryption.

Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik@Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-8495			      Home: 617-782-0710