Fyodor Yarochkin writes:
Anyone has any success in breaking this? -f
Many people have tried breaking the cipher, I have not heard of anyone being successful. There is however a number of programs that attempt a brute-force of passwords, the best is called 'crack' and is written by Alec Muffet. He's just announced a new release (see below). Crack is commonly used by system administrators to check users passwords for easily-cracked passwords (since it's one of the first things that a hacker breaking into your system might try, the sysadmin can get users to change 'Crack'able passwords before they're hacked). Crack uses a set of word dictionaries that you supply, and rules to use to permute each word (add a '1' on the end, capitalize the first character, etc). for more attempts. It also included a re-written version of the crypt algorithim that's faster than what comes in many UNIXes. Reply-To: Alec Muffett <alecm@crypto.dircon.co.uk> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG> Subject: ANNOUNCE: Crack v5.0a available... X-To: bugtraq@fc.net To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG> Eschewing the media-friendly hype which surrounded the release of SATAN some time ago (Hi Dan!) and bemused by the fact that some of the code he wrote years ago has since crept into the Linux-based operating system of the machine he is composing this message on (as a standard part of the authentication libraries, no less) - the author is pleased to announce the release of: Crack v5.0a - The Password Cracker Crack v6.0 - The Minimalist Password Cracker Crack v7.0 - The Brute-Forcing Password Cracker available from: http://www.users.dircon.co.uk/~crypto/ (just like a London bus, you wait ages and then three turn up at once) In the expectation that some kind soul will be good enough to retrieve copies and place them up for FTP at various well-connected mirror sites (the sundry CERTs, COAST, et al), the MD5 checksum for the first distribution is: 6511dca525b7b921ea09eca855cc58f2 - but please be patient if you *do* suffer problems downloading; it's not like Crack is a new piece of technology, so you shouldn't panic about upgrading. NOTE: Discussion of issues relating to running this version of Crack should be directed to the newsgroup "comp.security.unix" - mention "Crack5" in the subject line. - alec ------------------------------------------------------------------ New features. * Complete restructuring - uses less memory * Ships with Eric Young's "libdes" as standard * API for ease of integration with arbitrary crypt() functions * API for ease of integration with arbitrary passwd file format * Considerably better gecos-field checking * More powerful rule sets * Ability to read dictionaries generated by external commands * Better recovery mechanisms for jobs interrupted by crashes * Easier to control (eg: to put to sleep during working hours) * Bundled with Crack6 (minimalist password cracker) * Bundled with Crack7 (brute force password cracker) * Tested on Solaris, Linux, FreeBSD, NetBSD, OSF and Ultrix -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF