The 'Thot Police'
The best defence against the Thot Police is to say something intelligent, and make your break for it while they are scratching their head, and saying, "Huh?"
Mygod, please tell me you are saying this as a joke... On Thu, 26 Dec 1996, Fyodor Yarochkin wrote:
Anyone has any success in breaking this? -f
Genocide Head of the Genocide2600 Group ============================================================================ **Coming soon! www.Genocide2600.com! ____________________ *---===| |===---* *---===| Genocide |===---* "You can be a king or a street *---===| 2600 |===---* sweeper, but everyone dances with the *---===|__________________|===---* Grim Reaper." Email: gen2600@aracnet.com Web: http://www.aracnet.com/~gen2600 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It is by caffeine alone that I set my mind in motion. It is by the Mountain Dew that the thoughts acquire speed, the lips acquire stains, the stains become a warning. It is by caffeine alone that I set my mind in motion. ================================================================================
Fyodor Yarochkin wrote:
Anyone has any success in breaking this? -f
I was visiting a business running SCO Xenix, and they were all aflutter over the fact that their 'root' password was fucked, and they couldn't perform any System Administration tasks. I took their SCO installation disks, used the 'find' command to find the 'passwd' file, and piped it to the editor. I blanked out the password for 'root' and rebooted the system. When logging on as root, it prompted them for a new 'root' password. By the way, do you know why a 'Back Door' is so named? It's because when someone comes in through it, and wreaks havoc, you wake up with a sore asshole. Toto "The King of Country Porno" "The World's Foremost Computer Expert" "World's Greatest Fisherman" ...and a damn good lay.
Fyodor Yarochkin writes:
Anyone has any success in breaking this? -f
Many people have tried breaking the cipher, I have not heard of anyone being successful. There is however a number of programs that attempt a brute-force of passwords, the best is called 'crack' and is written by Alec Muffet. He's just announced a new release (see below). Crack is commonly used by system administrators to check users passwords for easily-cracked passwords (since it's one of the first things that a hacker breaking into your system might try, the sysadmin can get users to change 'Crack'able passwords before they're hacked). Crack uses a set of word dictionaries that you supply, and rules to use to permute each word (add a '1' on the end, capitalize the first character, etc). for more attempts. It also included a re-written version of the crypt algorithim that's faster than what comes in many UNIXes. Reply-To: Alec Muffett <alecm@crypto.dircon.co.uk> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG> Subject: ANNOUNCE: Crack v5.0a available... X-To: bugtraq@fc.net To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG> Eschewing the media-friendly hype which surrounded the release of SATAN some time ago (Hi Dan!) and bemused by the fact that some of the code he wrote years ago has since crept into the Linux-based operating system of the machine he is composing this message on (as a standard part of the authentication libraries, no less) - the author is pleased to announce the release of: Crack v5.0a - The Password Cracker Crack v6.0 - The Minimalist Password Cracker Crack v7.0 - The Brute-Forcing Password Cracker available from: http://www.users.dircon.co.uk/~crypto/ (just like a London bus, you wait ages and then three turn up at once) In the expectation that some kind soul will be good enough to retrieve copies and place them up for FTP at various well-connected mirror sites (the sundry CERTs, COAST, et al), the MD5 checksum for the first distribution is: 6511dca525b7b921ea09eca855cc58f2 - but please be patient if you *do* suffer problems downloading; it's not like Crack is a new piece of technology, so you shouldn't panic about upgrading. NOTE: Discussion of issues relating to running this version of Crack should be directed to the newsgroup "comp.security.unix" - mention "Crack5" in the subject line. - alec ------------------------------------------------------------------ New features. * Complete restructuring - uses less memory * Ships with Eric Young's "libdes" as standard * API for ease of integration with arbitrary crypt() functions * API for ease of integration with arbitrary passwd file format * Considerably better gecos-field checking * More powerful rule sets * Ability to read dictionaries generated by external commands * Better recovery mechanisms for jobs interrupted by crashes * Easier to control (eg: to put to sleep during working hours) * Bundled with Crack6 (minimalist password cracker) * Bundled with Crack7 (brute force password cracker) * Tested on Solaris, Linux, FreeBSD, NetBSD, OSF and Ultrix -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
On Thu, 26 Dec 1996, Eric Murray wrote:
Fyodor Yarochkin writes:
Anyone has any success in breaking this? -f
Many people have tried breaking the cipher, I have not heard of anyone being successful.
There is however a number of programs that attempt a brute-force of passwords, the best is called 'crack' and is written by Alec Muffet.
From Applied Cryptography (2nd edition) I got the impression that it has been cracked. Do a netsearch for "Crypt Breakers Workbench", its a freeware program that attempts to do just that.
- Lester
-----BEGIN PGP SIGNED MESSAGE----- In article <Pine.LNX.3.95.961226144201.17791B-100000@micro.internexus.net>, Laszlo Vecsey <master@internexus.net> wrote:
From Applied Cryptography (2nd edition) I got the impression that it has been cracked. Do a netsearch for "Crypt Breakers Workbench", its a freeware program that attempts to do just that.
Please note the difference between crypt(3), the C library call used to hash passwords, and crypt(1), the user program that encrypts files. The former is based on DES, and has not been broken (unless someone from the NSA wants to speak up now). The latter is based on the Enigma machine, and is the one that "Crypt Breakers Workbench" attacks. - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMslj2kZRiTErSPb1AQGLyQQAqzq6bWByz48dJq+hnJs+jLCqJQ+1hfI6 zZgURqMYvpFwSq4eIiHr1ukNAKP7Vrr0eHSAFalkPDn1Ii/YueY/SRRE+8oFXIho C+bJVnXpOBpjitHYpskSuGY4F5FmJrzn8U8vmlhes6viqNq00OmQANoJ0Gr+OUY4 VSHcKXwYMT4= =Anex -----END PGP SIGNATURE-----
participants (6)
-
Carl Johnson -
Eric Murray -
Fyodor Yarochkin -
Genocide -
iang@cs.berkeley.edu -
Laszlo Vecsey