[11887] in bugtraq
Re: Redhat 6.0 Password Issues
daemon@ATHENA.MIT.EDU (Roger Espel Llima)
Tue Sep 14 06:35:43 1999
Mail-Followup-To: Alan Brown <alan@MANAWATU.GEN.NZ>, BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990912205405.A15922@iAgora.com>
Date: Sun, 12 Sep 1999 20:54:05 -0400
Reply-To: Roger Espel Llima <espel@IAGORA.COM>
From: Roger Espel Llima <espel@IAGORA.COM>
X-To: Alan Brown <alan@MANAWATU.GEN.NZ>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.05.9909121436490.11010-100000@mailhost.manawatu.net.nz>; from Alan Brown on Sun, Sep 12, 1999 at 02:39:25PM +1200

On Sun, Sep 12, 1999 at 02:39:25PM +1200, Alan Brown wrote:
> Anyone relying on DES passwd encryption these days could be said to
> have no passwd encryption at all - the entire legal 1-8 character passwd
> space will fit in less than 4Gb, so a determined cracker can fairly
> quickly determine what any given crypted password really is.

How do you compute this? Maybe there's some optimization that I've
missed, but conservatively assuming 64 legal characters, that makes
64^8 = 2^48 different possible passwords. Just to store 1 byte per
password, you still need over 260Tb.
And that's not counting salts.
--
Roger Espel Llima, espel@iagora.com
http://www.eleves.ens.fr:8080/home/espel/index.html