On Fri, Aug 03, 2001 at 05:48:25PM +0800, dwen wrote:
>
>
> hello guys,
>
> what Linux distro that can't be cracked by any Passwd cracker (john d
> ripper, nutcracker..etc) ?
>
> i've tried john the ripper on a Mandrake 8.0 and it can still crack the
> password (copied /etc/shadow to /johndir/....).
>
> is it normal for a password tool to decrypt the passwords of a new system
> assuming you have a copy of shadowed passwd file (own box) ?

Of course. The difficulty of cracking a password file has nothing to
do with the Linux distribution you're using, and everything to do with
how good (i.e. random) your passwords are. If you insist on using
weak passwords then not even if your passwords are hashed with SHA-512
(the largest bitlength hash function in wide use, 64 byte output) will
you be secure from such a password cracker. If you have strong
passwords that are not obvious to a dictionary then maybe you'll get
somewhere in terms of security.

Bruce Schneier gives some suggestions for hard to crack passwords: use
two or more different words separated by a random punctuation mark
(e.g. comet!barney or black*hole) or get a long but memorable phrase
and use the first letters (e.g. "My name is Ozymandias king of kings"
-> mniokok). There are very many pairs even of English words, and a
dictionary that would try them all could take many weeks or even
months given the average computer power available to an individual or
even a small group of individuals (by which time the password will
have already changed to something else). Try using sets of words or
phrases in Tagalog, Visayan, or some other Philippine language and the
job rapidly becomes impossible even for organizations like the NSA
(unless they've found a way to invert the one-way hash functions used
to encrypt passwords of course!).
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d- s:- a- C++++ UL+++ P+++ L+++ E++ W++ N+ o K- w---
O- M-- V- PS+ PE Y+ PGP++ t+ 5 X+ R tv+ b+++ DI++ D+
G e++ h! r++ y+
------END GEEK CODE BLOCK------
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
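
The following strength estimator is an added example, not part of the original message: for a candidate password it finds the cheapest search (single dictionary word, word pair with a punctuation separator, or brute force over its character classes) that is certain to reach it, using the sample passwords from the reply above. The word list, the 50,000-word dictionary size and any guess rate passed in are assumptions.

```python
import math
import string

# Constructed sample dictionary (assumption); a real audit would load a full word list.
WORDS = {"comet", "barney", "black", "hole", "password", "linux", "secret"}
ASSUMED_DICT_SIZE = 50_000  # assumption: size of the dictionary a cracker would try
PUNCT = set(string.punctuation)  # the 32 ASCII punctuation marks


def charset_size(pw):
    """Size of the character classes a brute-force search must cover for pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += len(PUNCT)  # spaces and other symbols are counted with punctuation
    return max(size, 1)


def cheapest_search(pw):
    """Return (model, guesses) for the smallest search space that contains pw."""
    models = {"brute force": charset_size(pw) ** len(pw)}
    if pw.lower() in WORDS:
        models["single dictionary word"] = ASSUMED_DICT_SIZE
    for i, c in enumerate(pw):
        # word<punct>word: both halves must be dictionary words
        if c in PUNCT and pw[:i].lower() in WORDS and pw[i + 1:].lower() in WORDS:
            models["word pair with separator"] = ASSUMED_DICT_SIZE ** 2 * len(PUNCT)
    model = min(models, key=models.get)
    return model, models[model]


def entropy_bits(pw):
    """log2 of the guesses needed in the worst case under the cheapest model."""
    return math.log2(cheapest_search(pw)[1])


def days_to_exhaust(guesses, guesses_per_second):
    """Worst-case days to try every candidate at the given (assumed) rate."""
    return guesses / guesses_per_second / 86400


if __name__ == "__main__":
    for pw in ("secret", "comet!barney", "mniokok"):
        model, guesses = cheapest_search(pw)
        print(f"{pw!r}: {model}, {guesses:,} guesses, {entropy_bits(pw):.1f} bits")
```

The estimate depends only on how the password was built, not on which hash function stores it.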