[2684] in bugtraq
Re: Not so much a bug as a warning of new brute force attack
daemon@ATHENA.MIT.EDU (John Orthoefer)
Tue Jun 4 19:26:29 1996
Date: Tue, 4 Jun 1996 14:30:32 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: John Orthoefer <jco@bbn.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Brian Davidson wrote:
> Against multiple accounts, crack has to encrypt each word in the
> dictionary with multiple salts (4096, put there to slow down such attacks).
> I believe (but could be wrong) that an attack against pop would be
> faster. You can spawn multiple processes, all filling up all the
> available bandwidth, and trying to get in. You don't have to encrypt each
> dictionary word even once, let alone 4096 times.
The first thing crack does is make a list of all the salts in the
password file. Since unless you have a password file with at least 4096
passwords in it (realistically it's got to be MUCH larger, since you will
start repeating salts at some point) there is no reason to try all
salts.
This will tell you what all the salts that are used in a password file
are:
cut -f 2 -d \: /etc/passwd | cut -c 1,2 | sort | uniq -c | more
Then it dishes out 1 word to some large number of child processes
encrypting the password n times where n is the number of salts being used
in the target password file.
johno
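
Added example, not part of the original post: a shell function that extends the one-liner above for auditing your own password file. It skips entries that carry no hash and reports how many distinct salts are in use and how many accounts share one. It assumes traditional 13-character DES crypt fields whose first two characters are the salt; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Summarise salt usage in a traditional crypt(3) passwd-format file.
# Assumption: 13-character DES crypt fields, salt = first two characters.
# Empty, shadowed ("x") and locked ("*", "!...") fields are skipped.
# "distinct" is the n from the post: crypt() calls needed per dictionary word.
# "shared" counts accounts whose salt is also used by another account.

salt_stats() {
    # Reads the file(s) named as arguments, or stdin when none are given.
    awk -F: '
        length($2) == 13 && $2 !~ /^[*!]/ {
            hashed++
            count[substr($2, 1, 2)]++
        }
        END {
            for (s in count) {
                distinct++
                if (count[s] > 1) shared += count[s]
            }
            printf "hashed=%d distinct=%d shared=%d\n", hashed, distinct, shared
        }' "$@"
}

# Constructed sample data (not real hashes): root and alice share salt "ab".
sample_passwd() {
    cat <<'EOF'
root:abJnggxhB/yWI:0:0:root:/:/bin/sh
daemon:*:1:1:daemon:/:
alice:abQ9KY.KfrYrc:100:100:Alice:/home/alice:/bin/sh
bob:Xz3kPq0LmN1vA:101:100:Bob:/home/bob:/bin/sh
carol:x:102:100:Carol:/home/carol:/bin/sh
EOF
}

sample_passwd | salt_stats
```

A nonzero "shared" value means one crypt() call per word tests several accounts at once, so the salt is giving those accounts no protection from each other.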