Bugtraq mailing list archives

Re: Not so much a bug as a warning of new brute force attack


From: gdonl () gv ssi1 com (Don Lewis)
Date: Tue, 4 Jun 1996 11:49:29 -0700


On Jun 4,  4:06am, Brian Davidson wrote:
} Subject: Re: Not so much a bug as a warning of new brute force attack
} Against a single user account, crack would probably run faster (assuming
} you could get the password file), since you wouldn't be going across a
} network.

You can also make crack faster by linking in a faster crypt() implementation.

} Against multiple accounts, crack has to encrypt each word in the
} dictionary with multiple salts (4096, put there to slow down such attacks).

Yes, but crack only encrypts the dictionary words with the salts of
the remaining uncracked passwords.  If two accounts have encrypted
passwords that happen to have the same salt, crack only has to encrypt
each dictionary word once to check both accounts.

} I believe (but could be wrong) that an attack against pop would be
} faster.  You can spawn multiple processes, all filling up all the
} available bandwidth, and trying to get in.

Of course, alarm bells will probably start going off when the
load average on the machine jumps to 50.

} You don't have to encrypt each
} dictionary word even once, let alone 4096 times.

Unless there are at least 4096 user accounts, crack won't have
to encrypt each dictionary word 4096 times.

If you want to break into any account on a host, I'd guess that
you are generally better off taking a dictionary word and testing
it against each account.  If you pick an account and test each
dictionary word against it, then you're more likely to waste a
lot of time on an "uncrackable" password.  If you use the first
method on a machine with 10000 accounts using the POP server,
then each dictionary word will require 10000 encryptions and
10000 comparisons, whereas crack will only require a maximum
of 4096 encryptions and 10000 comparisons.

} Even if I'm wrong, and the network slows everything down so that pop is
} *much* slower, it still has the advantage of not requiring access to the
} password file.

Yes, this is the big advantage.  This also means that it works against
shadow passwords.

                        ---  Truck
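To make the encryption-versus-comparison count from the message concrete, here is an added example that is not part of this thread and not code from the crack program: it runs a word-first pass over all accounts grouped by salt, and an account-first pass, and counts the work each one does. The crypt() stand-in, the sample accounts and the word list are all constructed for the example; real DES crypt() has a 2-character salt (4096 values) and is deliberately slow, which is what makes the encryption count the cost that matters.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for 1996-era DES crypt(): it keeps the salt-prefix
# layout of crypt() output so grouping by h[:2] works, nothing more.
def toy_crypt(word: str, salt: str) -> str:
    digest = hashlib.sha256(f"{salt}:{word}".encode()).hexdigest()
    return salt + digest[:11]

# Constructed sample password file: two accounts happen to share salt "ab",
# two share salt "Qx"; dave's password is not in the word list.
ACCOUNTS = {
    "alice": toy_crypt("secret", "ab"),
    "bob":   toy_crypt("letmein", "ab"),
    "carol": toy_crypt("zebra", "Qx"),
    "dave":  toy_crypt("x7Gh#pQ!", "Qx"),
}
WORDLIST = ["password", "secret", "letmein", "zebra"]

def salt_grouped_check(accounts, wordlist):
    """Word-first pass: one crypt() per (word, salt) still in play.
    Returns (found, encryptions, comparisons). Encryptions are bounded by
    the number of distinct salts (at most 4096 for crypt()), comparisons
    grow with the number of accounts, as the message argues."""
    by_salt = defaultdict(dict)
    for user, h in accounts.items():
        by_salt[h[:2]][user] = h
    found, encryptions, comparisons = {}, 0, 0
    for word in wordlist:
        for salt, members in by_salt.items():
            remaining = {u: h for u, h in members.items() if u not in found}
            if not remaining:
                continue  # every account with this salt is done: skip the crypt()
            candidate = toy_crypt(word, salt)
            encryptions += 1
            for user, h in remaining.items():
                comparisons += 1
                if candidate == h:
                    found[user] = word
    return found, encryptions, comparisons

def per_account_check(accounts, wordlist):
    """Account-first pass: one crypt() per (account, word), no salt reuse.
    Returns (found, encryptions)."""
    found, encryptions = {}, 0
    for user, h in accounts.items():
        for word in wordlist:
            encryptions += 1
            if toy_crypt(word, h[:2]) == h:
                found[user] = word
                break
    return found, encryptions
```

With these four accounts the salt-grouped pass needs 7 encryptions and 13 comparisons, while the account-first pass needs 13 encryptions to find the same three passwords.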
