On Fri, April 22, 2005 9:53 am, Douglas Royds said:
...
Steve Holdoway wrote:
The login routine includes an exponential increase in delay time for each incorrect password, so it's pointless to try more than once.
Which log-in routine, sorry?
I'd hope that all of your authentication went through pam, so any! http://www.vsl.gifu-u.ac.jp/freeman/misc/pam-0.72/ps/pam_appl.ps
Both attacking in parallel and not waiting for a response. And, of course, attacking on ssh, http, dns, snmp, smtp, and all the other services that you may have running concurrently as well.
Why would a parallel attack not suffer the exponential delay? A system will only accept a limited number of simultaneous log-in attempts, I assume, after which the exponential delay will apply, won't it?
... the average md5 password can be cracked in 30ms...
http://linuxexposed.com/Articles/Hacking/Password-Cracking-and-Time-Memory-Trade-Off.html
http://www.linuxexposed.com/Articles/Hacking/Unix-Attacking-Techniques.html
http://www.antsight.com/zsl/rainbowcrack/
Thanks for the links. Very interesting. The 30ms only applies if you have an md5-hashed copy of the password, which implies that you've already breached the target machine. Even getting hold of the hashed passwords won't help a lot with Linux though. From the RainbowCrack FAQ:
"Can I crack linux password with RainbowCrack?
No. Salt is used to randomize the stored password hash. With different salt value, same password yields different hash value. The time-memory trade-off technique used by RainbowCrack is not practical when applied to this kind of hash."
Douglas.
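
The point made in the RainbowCrack FAQ quoted above, as an added example that is not part of the original e-mail: a table precomputed once finds an unsalted MD5 digest, but misses the same password stored with a per-account salt. The wordlist, the function names and the `md5(salt + password)` construction are assumptions made for illustration; the construction is a simplified stand-in, not the real md5-crypt algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for the passwords a precomputed table covers.
WORDLIST = ["letmein", "password", "dragon", "qwerty", "hunter2"]

def unsalted_hash(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    # Assumption: simplified stand-in for a salted scheme, NOT real md5-crypt.
    return hashlib.md5(salt + password.encode()).hexdigest()

def build_table(words):
    """Precompute digest -> password once; reusable against every unsalted hash."""
    return {unsalted_hash(w): w for w in words}

def store_password(password: str, salt_len: int = 8):
    """What the system keeps per account: a random salt plus the salted digest."""
    salt = os.urandom(salt_len)
    return salt, salted_hash(password, salt)

def verify(password: str, salt: bytes, digest: str) -> bool:
    return hmac.compare_digest(salted_hash(password, salt), digest)

def tables_needed(salt_bits: int) -> int:
    """One precomputed table per possible salt value."""
    return 2 ** salt_bits

if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("unsalted lookup:", table.get(unsalted_hash("hunter2")))
    salt_a, digest_a = store_password("hunter2")
    salt_b, digest_b = store_password("hunter2")
    print("same password, two accounts:", digest_a, digest_b)
    print("table hit on salted digest:", table.get(digest_a))
    print("login still verifies:", verify("hunter2", salt_a, digest_a))
    # 12 bits: traditional DES crypt salt; 48 bits: 8-character md5-crypt salt.
    print("tables needed:", tables_needed(12), tables_needed(48))
```

Salt only removes the benefit of precomputation shared across accounts; it does not slow down guessing against one stolen hash, so password strength and a slow hash still matter.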
