Bugtraq mailing list archives
Re: Not so much a bug as a warning of new brute force attack
From: taob () io org (Brian Tao)
Date: Mon, 10 Jun 1996 00:08:31 -0400
On Sun, 9 Jun 1996, der Mouse wrote:
I don't know what code FreeBSD is using, but I don't see a round count in the above hashed password.
I believe it goes through 1000 rounds: /* * and now, just to make sure things don't run too fast * On a 60 Mhz Pentium this takes 34 msec, so you would * need 30 seconds to build a 1000 entry dictionary... */ for(i=0;i<1000;i++) { MD5Init(&ctx1); if(i & 1) MD5Update(&ctx1,pw,strlen(pw)); else MD5Update(&ctx1,final,16); if(i % 3) MD5Update(&ctx1,sp,sl); if(i % 7) MD5Update(&ctx1,pw,strlen(pw)); if(i & 1) MD5Update(&ctx1,final,16); else MD5Update(&ctx1,pw,strlen(pw)); MD5Final(final,&ctx1); } -- Brian Tao (BT300, taob () io org, taob () ican net) Systems and Network Administrator, Internet Canada Corp. "Though this be madness, yet there is method in't"
Current thread:
- Re: Not so much a bug as a warning of new brute force attack, (continued)
- Re: Not so much a bug as a warning of new brute force attack Stefan Hudson (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Seguridad (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Thomas Roessler (Jun 03)
- Re: Not so much a bug as a warning of new brute force attack Andrew Macpherson (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack John Orthoefer (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Don Lewis (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Dave Hayes (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Albert Lunde (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack der Mouse (Jun 05)
- Re: Not so much a bug as a warning of new brute force attack der Mouse (Jun 09)
- Re: Not so much a bug as a warning of new brute force attack Brian Tao (Jun 09)