Path: utzoo!utgpu!news-server.csri.toronto.edu!utcs.toronto.edu!cks
Newsgroups: comp.org.eff.talk
From: cks@hawkwind.utcs.toronto.edu (Chris Siebenmann)
Subject: Re: Passwords
Message-ID: <1991Jun19.162154.10662@jarvis.csri.toronto.edu>
Organization: Ziebmef home away from home
References: <14907.28501E2D@fidogate.FIDONET.ORG> <1991Jun11.221113.14213@athena.cs.uga.edu> <13486@uhccux.uhcc.Hawaii.Edu>
Date: 19 Jun 91 20:21:54 GMT
Lines: 19

newsham@wiliki.UUCP (Timothy Newsham) writes:
| If variations on the name doesn't work, the password hacker, if
| configured to do so, would go on to try every word in the dictionary.
| Most hackers don't go as far as trying the dictionary, since it takes
| weeks to compare every login with every word in the dictionary.

 This used to be the case, but both machines and password encryptors
have been slowly speeding up. I believe the last time I measured
things, I could manage about 450 encryptions/sec on a DECStation 3100
(about 14 MIPS, I think) with a program written (smartly) in C; I have
reports of significantly faster algorithms using hand-optimized
assembler.  Combine this with several of the new HP Snake workstations
(70-odd MIPS, I believe) and you have bad news.

--
	"Andrew is so incredibly reliable that almost any printing
	 command will work, as long as it is long and complex
	 enough..."		- Nathaniel Borenstein
cks@hawkwind.utcs.toronto.edu	           ...!{utgpu,utzoo,watmath}!utgpu!cks