From: probreak@matt.ksu.ksu.edu (James Michael Chacon) Subject: Re: Weird group problems under .99.3 Date: 14 Jan 1993 20:46:45 GMT
magnus@brisk.ii.uib.no (Magnus Y Alvestad) writes:
>You say that the availability of crypt as source code is a security
>problem, or rather - that it makes it simpler to break passwords.
>Do you really think crypt is reversible?
>If you can do that, you're a rich man.
>-Magnus
Obviously you've never seen crack. This program runs password guess's quickly
though the crypt code to generate encrypted passwords. Then it compares
them against the given guess.
This can be done across multiple machines simultaneously to generate millions
of guess's quickly.
Crypt doesn't have to be reversable in this case, only the fact that the code
was available and so something like crack could be written.
I know a sysadmin here, who regularly runs his password file through crack
to find the passwords that are easy to guess by others.
Also, check out the code breakers workbench if you want to see code that
can break crypt and other things.
James