X-Message-Index: 042
X-Message-Prev: 039
X-Message-Next: 040
X-Thread-Prev: 216
X-Thread-Next: 066
From: Theodore Ts'o
To: phage
X-To: rsk@mace.cc.purdue.edu, phage
Subject: Re: Steps in the virus, as best we know them (and fixes)
Date: Fri, 4 Nov 88 16:15:27 EST
X-Date: Fri 16:15:27 04/11/1988 EST

   From: rsk@mace.cc.purdue.edu (Rich Kulawiec)
   Date: Fri, 4 Nov 88 15:43:21 EST
   Organization: Purdue University

   Well, have you figured out what it's doing with /usr/dict/words then?
   It's certainly reading a lot of it, and calling crypt() a lot in the
   same loop. (I'm not saying I'm right and you're wrong; I just want to
   know what it's up to.)

I'm sorry.... I should have been more precise..... (I haven't gotten
much sleep recently)

It has a few different stages of password attacks:

	1) The username
	2) The last/first/last+first/nick name, from the GECOS field
	3) A list of special "popular" passwords
	4) /usr/dict/words

Yeah, well, I've done some stuff in breaking unix passwords before, and
I considered it to be fairly standard; sorry for not including more info.

On a completely unrelated topic: do people realize that an 8800 can
break a 6 letter/numbers password using brute force techniques and an
optimized crypt() in a weekend? Something to think about.

						- Ted
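
Added example (not part of the original message, and not code from the worm): a password-change check that refuses any new password falling into the four guess stages listed above. The function names, the sample passwd line, and the two small word sets are constructed for illustration; the nickname case from stage 2 is not covered, and case-insensitive matching is an assumption chosen to make the check stricter.

```python
"""Refuse new passwords that the four guess stages above would find."""

def parse_passwd_line(line):
    """Return (username, gecos) from one passwd(5)-style line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields")
    return fields[0], fields[4]

def gecos_candidates(gecos):
    """First, last and last+first name from the full-name GECOS subfield."""
    full_name = gecos.split(",")[0]      # GECOS subfields are comma-separated
    # Keep purely alphabetic tokens, so an initial such as "Q." is skipped.
    parts = [p.lower() for p in full_name.split() if p.isalpha()]
    if not parts:
        return set()
    first, last = parts[0], parts[-1]
    return {first, last, last + first}

def guess_stage(password, passwd_line, popular, dictionary):
    """Return the stage (1-4) that would match the password, else None.

    `popular` and `dictionary` must hold lowercase strings.
    """
    username, gecos = parse_passwd_line(passwd_line)
    pw = password.lower()   # assumption: compare case-insensitively
    if pw == username.lower():
        return 1            # stage 1: the username
    if pw in gecos_candidates(gecos):
        return 2            # stage 2: names taken from the GECOS field
    if pw in popular:
        return 3            # stage 3: list of "popular" passwords
    if pw in dictionary:
        return 4            # stage 4: system word list
    return None

# Constructed sample data (not the worm's list, not a real account).
SAMPLE_LINE = "jdoe:x:1001:100:Jane Q. Doe,Room 12,555-0100:/home/jdoe:/bin/sh"
SAMPLE_POPULAR = {"password", "secret"}
SAMPLE_WORDS = {"aardvark", "zebra"}

if __name__ == "__main__":
    for candidate in ("jdoe", "DoeJane", "Secret", "zebra", "t7#kLw9!"):
        stage = guess_stage(candidate, SAMPLE_LINE, SAMPLE_POPULAR, SAMPLE_WORDS)
        print(candidate, "->", "rejected, stage %d" % stage if stage else "accepted")
```

In a real deployment the `dictionary` set would be loaded from the system word list (such as /usr/dict/words, named in the message) and lowercased before the check.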