[4189] in bugtraq
Re: Internet Explorer Bug #4
daemon@ATHENA.MIT.EDU (Aaron Spangler)
Tue Mar 18 20:55:52 1997
Date: Tue, 18 Mar 1997 14:14:37 PST
Reply-To: Aaron Spangler <pokee@MAXWELL.EE.WASHINGTON.EDU>
From: Aaron Spangler <pokee@MAXWELL.EE.WASHINGTON.EDU>
X-To: dominique.brezinski@CyberSafe.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.32.19970314182923.00a72100@pop-srvr>; from "Dominique
Brezinski" at Mar 14, 97 6:29 pm
> To: Aaron Spangler <pokee@MAXWELL.EE.WASHINGTON.EDU>, BUGTRAQ@NETSPACE.ORG
> From: Dominique Brezinski <dominique.brezinski@CyberSafe.COM>
> Subject: Re: Internet Explorer Bug #4
> A sequential brute force attack would be akin to brute forcing DES, a non
> trivial task. I have been playing the lottery by trying to brute force the
> RSA DES challenge on my machine, it has been running for weeks and has
> covered a trivial portion (hundreds of millions of keys!) of the key space.
>
> Basically the "sequential search" attack Aaron mentions (by narrowing the
> key space by limiting the character set) could be all alpha and numeric
> combinations (62 possible characters) for an eight char password and it
> would take about 90 days on my P133(a P133 will do about 490,000 DES crypts
> a second, plus there is some overhead for the hashing, pick MD4 here!) to
> go through the key space. So, an average attack would take 45 days to
> recover a password that was only alpha (upper and lower) and numeric.
Dominique,
Regarding how difficult you make it sound above: (READ BELOW!!!!!)
I wrote a small (125 lines) program which simply uses a medium size
crackers dictionary (1,455,814 words) and runs MD4 and then DES on each
word once. (there is no salt permutation like in unix crypt) and compared
it to the 595 passwords I captured on my web page since Friday. It only
took 4 1/2 minutes on my Hewlett Packard C100 (120 Mhz) and it CRACKED 90
ACCOUNTS! (most of which were 'administrator')
Be afraid, be very afraid!
- Aaron
--
Aaron Spangler EE Unix System Administrator
Electrical Engineering FT-10 pokee@ee.washington.edu
University of Washington Phone (206) 543-8984
Box 352500 or (206) 543-2523
Seattle, WA 98195-2500 Fax (206) 543-3842
