Path: utzoo!mnetor!uunet!husc6!bloom-beacon!gatech!udel!udccvax1!relkins
From: relkins@vax1.acs.udel.EDU (Rob Elkins)
Newsgroups: sci.crypt
Subject: Re: Crypt() hackers
Message-ID: <618@udccvax1.acs.udel.EDU>
Date: 3 Feb 88 19:02:59 GMT
References: <538@ddsw1.UUCP>
Reply-To: relkins@vax1.acs.udel.EDU (Rob Elkins)
Organization: University of Delaware
Lines: 25
Keywords: crypt,cbw,plaintext,hackers

In article <538@ddsw1.UUCP> dnelson@ddsw1.UUCP (Douglas Nelson) writes:
>
>I heard something about the regular old crypt() on most versions of Unix has
>been cracked by a program???  Being a security adviser for our system, I would
>like to see how this was done, and what could be done to prevent it.

Yes, this is true.  The program is called cbw or crypt-breakers-workbench
and it is available from unix-archives (Vol 10). It uses techniques described
in a paper by Reeds & Weinberger (ATT Bell Tech Journal 10/84).  The author
of cbw, Robert Baldwin wrote the program to show the inherient problems
with crypt.  Using cbw and a little patience, a crypted file can be turned
into plaintext. 

Baldwin does describe some possible ways to better secure files if you are
forced to use crypt.  cbw uses a plaintext attack approach on the file, thus
a binary file can not be decrypted using cbw.  Baldwin suggests using the
unix compress program before crypting a file.

Rob Elkins

-- 
ARPA:   relkins@vax1.acs.udel.edu
BITNET: FFO04688 AT ACSVM

Live Long and Prosper!