Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!ames!mindcraft.com!ronnie
From: ronnie@mindcraft.com (Ronnie Kon)
Newsgroups: comp.unix.wizards
Subject: Re: Passwords with control characters
Message-ID: <671739430.9162@mindcraft.com>
Date: 15 Apr 91 18:17:09 GMT
References: <26522@adm.brl.mil> <1991Apr11.135940.8717@athena.mit.edu>
Organization: Mindcraft, Inc.
Lines: 35

In article <1991Apr11.135940.8717@athena.mit.edu> jik@athena.mit.edu (Jonathan I. Kamens) writes:
>In article <26522@adm.brl.mil>, IFAC%SNYCENVM.BITNET@cornellc.cit.cornell.edu ( FRANK CALLUCCI) writes:
>
>|> and there would be no way that anyone could decode it.
>
> This, however, is not true. Although most password crackers use a search
>space that does not include control characters, there is absolutely no reason
>why control characters cannot be added to the search space.

Case in point, as I am a security fascist, I wanted to make sure that
people were choosing passwords which were not going to be decodable, so I
wrote a program which would go through /usr/dict/words and, for each word,
would try it, it with a number of common prefixes and suffixes, it with
various digits or punctuation marks before and after, with each letter in
turn changed to a capital and control character.

This approach took on the order of two weeks to run on a Microvax II at
priority 20 (as a practical matter, that meant running only at night). On
my current machine (a RIOS 6000) I would expect the whole process to run in
under 48 hours.

The advantage of using control characters or punctuation marks is that it
requires a much longer search. But it is far from uncrackable.

Best advice I ever heard was to come up with an eight word phrase and use
its initials as your password. Thus "To be, or not to be. That is" yields
the password "tbontbti" which is about as difficult to crack as anything,
and yet is easy to remember.

				Ronnie
-------------------------------------------------------------------------------
Ronnie B. Kon | kon@groundfog.stanford.edu | "I like that everyone becomes food."
...!{decwrl,ames}!mindcrf!ronnie | -- Hobbes
-------------------------------------------------------------------------------
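
The transformations listed in the post can be turned around into a check run when a password is chosen: undo each transformation and see whether a dictionary word is left. This is an added example, not code from the post or its author. The word list and the affix lists are constructed samples, and the check treats any number of capitalised or control-character letters as weak, which is a superset of the one-letter-at-a-time rule the post describes.

```python
import string

# Constructed sample data: a real audit would load the system word list
# (the post used /usr/dict/words) and a longer, site-chosen affix list.
WORDS = {"wizard", "secret", "dragon", "password", "stand"}
PREFIXES = ("un", "re", "super")   # hypothetical "common prefixes"
SUFFIXES = ("s", "ed", "ing")      # hypothetical "common suffixes"
PAD = string.digits + string.punctuation


def fold(password):
    """Undo the per-letter changes: capitals and Ctrl-letters become a-z."""
    out = []
    for ch in password:
        code = ord(ch)
        if 1 <= code <= 26:            # Ctrl-A..Ctrl-Z -> a..z
            out.append(chr(code + 0x60))
        else:
            out.append(ch.lower())
    return "".join(out)


def stems(core):
    """Yield the core itself and the core with one listed affix removed."""
    yield core, "plain word"
    for p in PREFIXES:
        if core.startswith(p) and len(core) > len(p):
            yield core[len(p):], "prefix " + repr(p)
    for s in SUFFIXES:
        if core.endswith(s) and len(core) > len(s):
            yield core[:-len(s)], "suffix " + repr(s)


def weak_reason(password, words=WORDS):
    """Return why the password falls in the search space, else None."""
    folded = fold(password)
    core = folded.strip(PAD)           # digits/punctuation before and after
    notes = []
    if folded != password:
        notes.append("case/control-character substitution")
    if core != folded:
        notes.append("digit/punctuation padding")
    for stem, how in stems(core):
        if stem in words:
            return "; ".join([f"dictionary word {stem!r} ({how})"] + notes)
    return None
```

A None result only means the password is not reachable from this word list by these rules; it says nothing about other search strategies.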