[2105] in Info-AFS_Redistribution
Re: Password Cracking
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Oct 19 22:33:06 1993
To: goeringh@re.deere.com (Hope Goering)
Cc: info-afs@transarc.com
In-Reply-To: Your message of "Tue, 19 Oct 1993 14:28:04 MDT."
Reply-To: pmetzger@lehman.com
Date: Tue, 19 Oct 1993 21:05:40 -0400
From: "Perry E. Metzger" <pmetzger@lehman.com>
Hope Goering says:
> Are there any programs available that will sweep through a
> passwd file and a Kerberos database and attempt to crack
> users' passwords?
>
> There are programs available to do this just with /etc/passwd
> files, but I'm not familiar with anything that tries to
> crack Kerberos passwords.
>
> I am interested in this because I suspect that many of our
> users have very "crackable" passwords and we are trying to
> get a better handle on this.
To my knowledge, "crack" doesn't handle Kerberos passwords, but could
easily be modified to do so. The absence of "salt" in the passwords a
la crypt(3) would likely make it run faster than a normal crack run. I
would suggest running the cracker directly on the Kerberos server and
directly accessing the key database for maximum efficiency.
Perry
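
The cost difference described in the reply above, as an added example that is not part of the original message: a dictionary audit over constructed data that counts hash computations with and without a per-user salt. SHA-256 stands in for both the Kerberos string-to-key function and crypt(3) (an assumption, to keep the example self-contained); all function names, users, salts and passwords are hypothetical.

```python
import hashlib

def unsalted_key(password):
    # Stand-in for a saltless string-to-key function (assumption: SHA-256,
    # not the real Kerberos algorithm).
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    # Stand-in for crypt(3): the per-user salt is mixed into the hash.
    return hashlib.sha256((salt + password).encode()).hexdigest()

def audit_unsalted(db, wordlist):
    """db maps user -> key. Returns (weak users, hashes computed)."""
    users_by_key = {}
    for user, key in db.items():
        users_by_key.setdefault(key, []).append(user)
    weak, hashes = {}, 0
    for word in wordlist:
        hashes += 1  # one hash per candidate, checked against every user
        for user in users_by_key.get(unsalted_key(word), []):
            weak[user] = word
    return weak, hashes

def audit_salted(db, wordlist):
    """db maps user -> (salt, hash). Returns (weak users, hashes computed)."""
    weak, hashes = {}, 0
    for user, (salt, stored) in db.items():
        for word in wordlist:
            hashes += 1  # each candidate must be rehashed for each salt
            if salted_hash(word, salt) == stored:
                weak[user] = word
                break
    return weak, hashes

# Constructed sample data: four hypothetical users and a tiny wordlist.
PASSWORDS = {"alice": "summer93", "bob": "summer93",
             "carol": "x7#Qp!vR2k", "dave": "password"}
SALTS = {"alice": "aa", "bob": "bb", "carol": "cc", "dave": "dd"}
WORDLIST = ["password", "letmein", "summer93", "dragon"]
UNSALTED_DB = {u: unsalted_key(p) for u, p in PASSWORDS.items()}
SALTED_DB = {u: (SALTS[u], salted_hash(p, SALTS[u])) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print(audit_unsalted(UNSALTED_DB, WORDLIST))
    print(audit_salted(SALTED_DB, WORDLIST))
```

Both passes flag the same three accounts, but the unsalted pass needs one hash per candidate word while the salted pass repeats the work for every user. In the unsalted database, users who share a password also have identical keys.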