Bugtraq mailing list archives
Re: Redhat 6.0 Password Issues
From: espel () IAGORA COM (Roger Espel Llima)
Date: Sun, 12 Sep 1999 20:54:05 -0400
On Sun, Sep 12, 1999 at 02:39:25PM +1200, Alan Brown wrote:
Anyone relaying on DES passwd encryption these days could be said to have no passwd encryption at all - the entire legal 1-8 character passwd space will fit in less than 4Gb, so a determined cracker can fairly quickly determine what any given crypted password really is.
How do you compute this? Maybe there's some optimization that I've missed, but conservatively assuming 64 legal characters, that makes 64^8 = 2^48 different possible passwords. Just to store 1 byte per password, you still need over 260Tb. And that's not counting with salts. -- Roger Espel Llima, espel () iagora com http://www.eleves.ens.fr:8080/home/espel/index.html
Current thread:
- Re: CGI security, (continued)
- Re: CGI security Ivo van der Wijk (Sep 13)
- Re: CGI security Vladimir Dubrovin (Sep 14)
- Re: CGI security Arturo Busleiman (Sep 14)
- Multiple vulnerabilities in CDE Job de Haas (Sep 13)
- Re: Multiple vulnerabilities in CDE Troy A. Bollinger (Sep 13)
- Re: Multiple vulnerabilities in CDE Dan Astoorian (Sep 14)
- Vulnerability in dtspcd Job de Haas (Sep 13)
- Solaris 2.7 /usr/bin/mail Brock Tellier (Sep 13)
- Stack Shield 0.5 beta vendicator () USA NET (Sep 13)
- Re: Redhat 6.0 Password Issues Scott Manley (Sep 12)
- Re: Redhat 6.0 Password Issues Roger Espel Llima (Sep 12)
- Vulnerability in dtsession Job de Haas (Sep 13)