[38] in linux-security and linux-alert archive
Re: Sh*dow Passwords?
daemon@ATHENA.MIT.EDU (R.E.Wolff@et.tudelft.nl)
Tue Mar 7 07:37:20 1995
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 7 Mar 1995 10:33:30 +0100 (MET)
In-Reply-To: <m0rlqjv-000xCcC@hq.jcic.org> from "Daniel Hollis" at Mar 6, 95 08:19:18 pm
From: R.E.Wolff@et.tudelft.nl
Reply-To: linux-security@tarsier.cv.nrao.edu
>
> [Mod: excessive quoting trimmed. --okir]
>
> Yes, this would be very nice. Rewrite the shadow suite from scratch, GPL the
> whole damned thing, and tell John to shove it. The current shadow package
> is a monster, there is no reason it can't be 1/2 to 1/3 the size it
> currently is.
>
> Does anyone know of weaknesses in the shadow package? Shortcomings? It
> would be a chance to correct them, if any -- and have a freely
> redistributable shadow package.
Talking about serious weaknesses in the shadow package:
Suppose I have the password "impressive" (chosen from a much too small
set-of-words in /usr/dict/words). A cracker would need to test on the
order of 24000 words (the number of words in our /usr/dict/words).
With shadow passwords, this wouldn't be the case. Crack the last two
characters with 26*26 attempts, and bingo you've got ........ve .
grep ^........ve$ /usr/dict/words |wc
and you've got 46 more tries to go. In short this password, although
longer than 8 characters, was substantially easier to crack than
an eight character password would have been. The scheme might be a
little harder when it isn't "given" that it's a word from /usr/dict/words,
but substantial savings can be reached by first cracking the
much-too-short second half of the 10-12 character password, and using
that to limit the search for the first part.
Roger.
