Bugtraq mailing list archives
ANNOUNCE: Crack v5.0a available...
From: alecm () crypto dircon co uk (Alec Muffett)
Date: Sat, 21 Dec 1996 02:13:35 +0000
Eschewing the media-friendly hype which surrounded the release of SATAN some time ago (Hi Dan!) and bemused by the fact that some of the code he wrote years ago has since crept into the Linux-based operating system of the machine he is composing this message on (as a standard part of the authentication libraries, no less) - the author is pleased to announce the release of: Crack v5.0a - The Password Cracker Crack v6.0 - The Minimalist Password Cracker Crack v7.0 - The Brute-Forcing Password Cracker available from: http://www.users.dircon.co.uk/~crypto/ (just like a London bus, you wait ages and then three turn up at once) In the expectation that some kind soul will be good enough to retrieve copies and place them up for FTP at various well-connected mirror sites (the sundry CERTs, COAST, et al), the MD5 checksum for the first distribution is: 6511dca525b7b921ea09eca855cc58f2 - but please be patient if you *do* suffer problems downloading; it's not like Crack is a new piece of technology, so you shouldn't panic about upgrading. NOTE: Discussion of issues relating to running this version of Crack should be directed to the newsgroup "comp.security.unix" - mention "Crack5" in the subject line. - alec ------------------------------------------------------------------ New features. * Complete restructuring - uses less memory * Ships with Eric Young's "libdes" as standard * API for ease of integration with arbitrary crypt() functions * API for ease of integration with arbitrary passwd file format * Considerably better gecos-field checking * More powerful rule sets * Ability to read dictionaries generated by external commands * Better recovery mechanisms for jobs interrupted by crashes * Easier to control (eg: to put to sleep during working hours) * Bundled with Crack6 (minimalist password cracker) * Bundled with Crack7 (brute force password cracker) * Tested on Solaris, Linux, FreeBSD, NetBSD, OSF and Ultrix ---------------------------------------------------------------------------- Requirements. * Unix-like operating system. * C Compiler. * Moderate amount of disk space. * Lots of CPU time. * PERMISSION FROM YOUR SYSADMIN. * Root-privileges, quite possibly. * "gzip" is extremely desirable. * "perl", if networking/multiprocessing. ------------------------------------------------------------------ <diatribe> ps: I'm quite aware that with the release of a new version of Crack there is bound to be some small amount of controversy generated, particularly from the more "postmodernist" members of the hacker community who will probably denigrate my humble efforts as being "passe" and "nothing new or interesting". What they actually mean is that the methods employed by "Crack" are well-understood (at least by themselves) - no longer sexy, and that it is immensely sad that we still suffer a situation where password cracking is still a pretty effective way of breaking into systems, more than 5 years after I first posted Crack in July 1991. With this, I agree. Even so, this is no reason to say that a new release of Crack is "pointless"; for one thing I would point out that it is precisely because of the availability of Crack that password cracking is "passe" in the community, and as the prime mover behind this change, I feel I am perfectly entitled to waste my spare time in any way I want, including in the provision of a newer version. Secondly, things will not continue to improve unless an evolutionary pressure pewrsists to make people *want* to improve their security; Crack 4.1 was starting to get a bit dog-eared around some of the newer operating systems, and it was time for an update. So it is on that basis that I release this new verion. </diatribe> -- alec muffett, oxford, england please reply to: "alecm" at "crypto.dircon.co.uk" http://www.users.dircon.co.uk/~crypto/
Current thread:
- Re: CERT/AUCERT, (continued)
- Re: CERT/AUCERT Theo de Raadt (Dec 19)
- Slow vendor response Alan Cox (Dec 20)
- CERT Bashing, etc Aleph One (Dec 19)
- Re: CERT/AUCERT Yuri Volobuev (Dec 19)
- Re: CERT/AUCERT Tung-Hui Hu (Dec 19)
- TCP bug on old Solaris box ? Gilles Soulet (Dec 20)
- Re: TCP bug on old Solaris box ? Nathan Lawson (Dec 21)
- Buffer overflow in Linux's login program Joe Zbiciak (Dec 22)
- Solaris 2.5 x86 aspppd (semi-exploitable-hole) Thamer Al-Herbish (Dec 20)
- CERT, CIAC, etc. and unethical practices Thamer Al-Herbish (Dec 20)
- ANNOUNCE: Crack v5.0a available... Alec Muffett (Dec 20)
- Security Survey Aleph One (Dec 20)