Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!mit-eddie!jbs
From: jbs@eddie.MIT.EDU (Jeff Siegal)
Newsgroups: sci.crypt
Subject: Re: DES info wanted
Message-ID: <5764@eddie.MIT.EDU>
Date: Sat, 9-May-87 20:28:19 EDT
Article-I.D.: eddie.5764
Posted: Sat May  9 20:28:19 1987
Date-Received: Sun, 10-May-87 08:36:39 EDT
References: <2071@hoptoad.uucp> <599@umnd-cs.D.UMN.EDU> <18742@ucbvax.BERKELEY.EDU> <566@jimi.cs.unlv.edu>
Reply-To: jbs@eddie.MIT.EDU (Jeff Siegal)
Distribution: world
Organization: MIT EECS Computer Facility, Cambridge, MA
Lines: 25
Keywords: DES, uses other

In article <566@jimi.cs.unlv.edu> robert@jimi.UUCP (Robert Cray) writes:
>In article <18742@ucbvax.BERKELEY.EDU> rotondo@ernie.Berkeley.EDU.UUCP (Scott Rotondo) writes:
>>[...] "salt" bits.  This makes it impossible to encrypt common words
>>and then check them against all the passwd entries looking for a match.

>[...] (Bob Baldwin's fdes) -- when I tried it, it
>could run through about 50,000 calls to fcrypt(3) (on an 11/780) in
>about 45 minutes. [...] check a list of "common" words against 
>every user (each word would have to be re-encrypted for every user)

Actually, if you make a hobby of cracking password files, you can
collect a library of encrypted dictionaries (i.e. each time you
encrypt the dictionary for a user using that pair of salt characters,
you keep it around on disk).  As your library grows, a substantial
portion of the users in a password file you are attempting to crack
involve a simple lookup (i.e. much < 1 sec)

>The same is true for the
>password-encryption on VMS, except that the VMS routines (that were posted
>to the net) go through about 50k words in ~11 minutes.

Except that the encrypted passwords are not available to any user on a
VMS system--you need privs to access them.

Jeff