Bugtraq mailing list archives

Re: Redhat 6.0 Password Issues


From: espel () IAGORA COM (Roger Espel Llima)
Date: Sun, 12 Sep 1999 20:54:05 -0400


On Sun, Sep 12, 1999 at 02:39:25PM +1200, Alan Brown wrote:
> Anyone relying on DES passwd encryption these days could be said to
> have no passwd encryption at all - the entire legal 1-8 character passwd
> space will fit in less than 4Gb, so a determined cracker can fairly
> quickly determine what any given crypted password really is.

How do you compute this?  Maybe there's some optimization that I've
missed, but conservatively assuming 64 legal characters, that makes
64^8 = 2^48 different possible passwords.  Just to store 1 byte per
password, you still need over 260Tb.

And that's not counting salts.

--
Roger Espel Llima, espel () iagora com
http://www.eleves.ens.fr:8080/home/espel/index.html


