Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!umich!yale!cs.utexas.edu!samsung!emory!mephisto!gatech!galbp!wittsend.syntrex.com!mhw From: mhw@wittsend.syntrex.com (Michael H. Warfield (Mike)) Newsgroups: comp.unix.internals Subject: Re: Finding Passwords Message-ID: <11133@galbp.LBP.HARRIS.COM> Date: 20 Sep 90 15:13:57 GMT References: <8354@helios.TAMU.EDU> Sender: news@galbp.LBP.HARRIS.COM Reply-To: mhw@wittsend.UUCP (Michael H. Warfield (Mike)) Distribution: usa Organization: /etc/organization Lines: 30 In article <8354@helios.TAMU.EDU> peram@cs.tamu.edu (Suresh B Peram) writes: >Is it possible to break passwords so >easily in Unix Systems ? Is it >possible to "catch" passwords while >they are being typed at the terminal ? Answer is wwweeelll yes and no. There are techniques which can crack the encrypted password entry given sufficient horse power and time to do the job. Some newer implimentations of the encryption algorithm are efficient enough to make the brute force approach practical on a decent mini that your not going to use for anything else for a while. This is to say nothing of the standard hackers "short cuts". Many common passwords are all to easy to crack before resorting to the brute force method. They are a direct result of people choosing simple passwords that others can systematically guess easily. It is possible to "catch" passwords while they are being typed at a terminal, but this generally requires intimate knowledge of the system and often requires superuser priviledges. A typical "trogan horse" attach would be to leave a dummy "login" program on the line to catch the next guy's login. You give him a bogus "Incorrect login" and drop out to let getty give him a legitimate shot at loging in. Normal system security for terminal devices and honest, diligent system administrators can prevent most of this or make it so difficult, it's not worth the effort. Michael H. Warfield | (404) 551-7870 | mhw@WittsEnd.SYNTREX.COM (The Mad Wizard) | NIC: MHW-9 | gatech.edu!galbp!wittsend!mhw An optimist believes we live in the best of all possible worlds. A pessimist is sure of it!