Path: utzoo!utgpu!water!watmath!clyde!att-cb!ihnp4!ulysses!smb
From: smb@ulysses.homer.nj.att.com (Steven Bellovin)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <10101@ulysses.homer.nj.att.com>
Date: 21 Feb 88 14:11:58 GMT
References: <731@ddsw1.UUCP> <203@tijc02.UUCP> <2861@pitt.UUCP>
Distribution: na
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 10

Folks interested in cracking the UNIX password scheme should read "Password Security: A Case History", by Robert Morris and Ken Thompson. It appeared in Communications of the ACM 11/1979, Vol 22, No 11, pp 594-597. The same paper also appeared as one of the auxiliary documents distributed with Version 7 UNIX, and redistributed by Berkeley with their systems.

Those who haven't yet read that paper may be surprised to learn that matching the password file against the dictionary isn't a new idea; it had appeared previously in what is quaintly called ``the literature''. And reading the literature before hacking is a remarkably useful idea.