Path: utzoo!utgpu!water!watmath!clyde!att-cb!ihnp4!gargoyle!ddsw1!dnelson
From: dnelson@ddsw1.UUCP (Douglas Nelson)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <739@ddsw1.UUCP>
Date: 19 Feb 88 13:24:21 GMT
References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM> <1368@homxc.UUCP>
Reply-To: dnelson@ddsw1.UUCP (Douglas Nelson)
Distribution: na
Organization: Traveller's Aid, Mundelein, IL
Lines: 27


Well, as B.MCNAIR mentioned, my posting of that [simple] program was to show
how insecure the passwords on a unix system could be.  

Yes, perhaps there is going to be some CPU time on some systems out there due
to my posting of this program, but my response to the worry of that would be
"Any responsible user that would have any material that they would fell should
 not be compromized or accessed should pick a password a little more complex
 than 'apple' or 'shoe'.  By simply requiring users to have a numeric digit
 in their password would totally defeat this brute-force hacker."
  

Besides, I wouldn't hold you breath as to my  short program being the one that
is going to be wasting your CPU time.  If you think that there might not have
been any problems previous to this, you may have some worse security problems
than this.  I would bet that you would find a simular program on just about
any campus that sports some type of unix or lookalike system.
  
  
As always, I am always open to any comments, suggestions, or threats via mail.



------------------
Douglas Nelson
dnelson@ddsw1.UUCP
------------------