The 'Security Digest' Archives (TM)

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #042 [Re: Steps in the virus, as best we know them (and fixes)] (1 message, 828 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/042.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: phage
Date: Fri 16:15:27 04/11/1988 EST
Subject: Re: Steps in the virus, as best we know them (and fixes)

   From: rsk@mace.cc.purdue.edu (Rich Kulawiec)
   Date: Fri, 4 Nov 88 15:43:21 EST
   Organization: Purdue University

   Well, have you figured out what it's doing with /usr/dict/words then?
   It's certainly reading a lot of it, and calling crypt() a lot in
   the same loop.  (I'm not saying I'm right and you're wrong; I just
   want to know what it's up to.)

I'm sorry.... I should have been more precise..... (I haven't gotten
much sleep recently)

	It has a few different stages of password attacks:
		1) the username
		2) The last/first/last+first/nick name, from the GECOS field
		3) A list of special "popular" passwords
		4) /usr/dict/words

	Yeah, well, I've done some stuff in breaking unix passwords
before, and I considered it to be fairly standard; sorry for not
including more info. 

	On a completely unrelated topic: do people realize that an 8800
can break a 6 letter/numbers password using brute force techniques and
an optimized crypt() in a weekend? Something to think about.

						- Ted

END OF DOCUMENT
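
The four stages listed in the message above can be turned into a check that runs when a user sets a new password, reporting which stage would have guessed it. This is an added example, not part of the original message; the GECOS parsing rules, the case-insensitive matching, the function names, and the sample word lists are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not from the original message).
POPULAR = {"password", "wizard", "guest"}    # placeholder "popular" list
DICTIONARY = {"apple", "granite", "harbor"}  # stand-in for /usr/dict/words


def gecos_candidates(gecos):
    """Name-derived guesses from the GECOS field.

    Assumptions: the full name is the first comma-separated subfield, and a
    nickname, if present, appears there as an extra word (quoted or not).
    """
    full_name = gecos.split(",", 1)[0]
    words = [w.lower() for w in re.findall(r"[A-Za-z]+", full_name)]
    if not words:
        return set()
    first, last = words[0], words[-1]
    # first, last, nickname/middle words, plus last+first concatenated
    return set(words) | {last + first}


def weak_password_stage(password, passwd_line,
                        popular=POPULAR, dictionary=DICTIONARY):
    """Return the stage (1-4) that would guess `password` for the account in
    `passwd_line` (passwd(5) format), or None if no stage covers it."""
    fields = passwd_line.rstrip("\n").split(":")
    if len(fields) < 5:
        raise ValueError("not a passwd(5) entry")
    username, gecos = fields[0], fields[4]
    pw = password.lower()  # assumption: compare case-insensitively (stricter)
    if pw == username.lower():
        return 1           # stage 1: the username
    if pw in gecos_candidates(gecos):
        return 2           # stage 2: names from the GECOS field
    if pw in popular:
        return 3           # stage 3: "popular" passwords
    if pw in dictionary:
        return 4           # stage 4: dictionary words
    return None


# Constructed account entry for demonstration.
SAMPLE = 'rjones:x:1001:100:Robert "Bob" Jones,Room 12:/home/rjones:/bin/sh'

if __name__ == "__main__":
    for candidate in ("RJones", "bob", "jonesrobert", "wizard", "granite"):
        print(candidate, "-> stage", weak_password_stage(candidate, SAMPLE))
```

A password-change hook would reject any candidate for which `weak_password_stage` returns a stage number, passing the site's real word list in place of the sample sets.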