Re: online MD5 crack database
I should (apparently) add that at the time I did not know enough to ask relevant questions, but it was tossed off in such a way as to sound like that if I did know anything I'd realize the speaker was telling me something obvious so since it didn't seem obvious to me then I must not know anything. Hadn't thought about it since until I saw Perry's post.

[ Imagine the math professor who having said "It is obvious that..." steps back from the board for two full minutes before continuing "... yes, it is obvious that..." and you have the feel for the setting two decades ago when I heard the claim. ]

--dan

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: online MD5 crack database
On 8/22/05, Steven M. Bellovin <[EMAIL PROTECTED]> wrote:
> In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes:
> >
> >...the folks at Fort Meade had every
> >possible BSD password indexed by its /etc/passwd
> >representation.
>
> I'm sorry, I flat-out don't believe that.

Probably some details were left out in the telling. Such as "all possible alphanumeric passwords of length 1-16 characters".

--
There are no bad teachers, only defective children.
Re: online MD5 crack database
On Mon, Aug 22, 2005 at 10:08:29AM -0400, Steven M. Bellovin wrote:
> >In 1985 I was told by an MIT professor with DoD
> >connections and a clearance that certainly no
> >later than 1979 the folks at Fort Meade had every
> >possible BSD password indexed by its /etc/passwd
> >representation. Reversing a password meant to
> >simply look up the /etc/password text on-disk to
> >see what tape it was on and to then read that
> >tape.
> >
>
> I'm sorry, I flat-out don't believe that. For one thing, why would
> that have been necessary in 1979? Unix just wasn't that important.
> For another, let's do some arithmetic.
>

More plausible perhaps if they had used a space/time tradeoff, to make the space manageable, then the question is whether CPUs were fast enough or character set sufficiently restricted to make the pre-computation feasible.

--
 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X  AGAINST      IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.
Re: online MD5 crack database
In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes:
>
>In 1985 I was told by an MIT professor with DoD
>connections and a clearance that certainly no
>later than 1979 the folks at Fort Meade had every
>possible BSD password indexed by its /etc/passwd
>representation. Reversing a password meant to
>simply look up the /etc/password text on-disk to
>see what tape it was on and to then read that
>tape.
>

I'm sorry, I flat-out don't believe that. For one thing, why would that have been necessary in 1979? Unix just wasn't that important. For another, let's do some arithmetic.

First -- I'm assuming you mean the classic Morris and Thompson scheme, which has salts. (That scheme was only published in 1979, but maybe Morris told people -- and NSA had tracked and used Unix from way back.) Assume there are 100 possible characters -- the 95 printable, plus a handful of control characters. In those days, @ and # were line kill and character erase, but that meant that ^U and ^H were available. At 8 characters max, that gives us 100^8 possible passwords, times 4K salts. That's about 4*10^19. I'll neglect the indexing overhead, though it would be considerable.

Now, the largest disk drive I know of today is about 400GB, or 4*10^11. That means you'd need 10^8 drives. At, say, $50/drive -- very cheap, because you need to factor in the controller and CPU overhead -- that's $5*10^9. Even by NSA's standards, that's a hefty chunk of change.

You did, however, mention tapes. The tape drives of that era were, if I recall correctly, 9-track, 6250 bits/inch, with the largest reels being 2400'. Assuming no interrecord gaps -- and such gaps were mandatory and consumed a noticeable amount of space -- that translates to 2400*12*6250 bytes/reel, or 180*10^6. If my arithmetic is right, that translates to 222 *billion* tapes. Sorry; even Fort Meade isn't that big.

Oops -- I forgot that each password is 8 bytes. Multiply all of those numbers by 8...

To figure out how long it would take to generate them, we should start with Diffie and Hellman's DES-cracker. Yes, the set of passwords is smaller than the set of DES keys, but not by that much if you really allow "every possible" password. Besides, these passwords were (a) iterated 25 times, i.e., having a 25x slowdown, and (b) required custom chips because of the salt. And all this for a system that wasn't in widespread use?

Now -- if you mean old-style passwords, of the type Morris and Thompson replaced, it becomes somewhat more plausible. Let's restrict ourselves to 64 characters, mirroring the password styles of the day, unsalted. That's 64^8. It still comes to 1.5 million reels of tape, however, so I still don't believe it.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Re: online MD5 crack database
"Perry E. Metzger" writes: | | This website has a large database of MD5 hashes of common passwords: | | http://gdataonline.com/ | | Presumably, as storage continues to get cheaper, this sort of thing | will only become easier. | .. | None of this is new -- I'm just noting that the trend continues apace. | In 1985 I was told by an MIT professor with DoD connections and a clearance that certainly no later than 1979 the folks at Fort Meade had every possible BSD password indexed by its /etc/passwd representation. Reversing a password meant to simply look up the /etc/password text on-disk to see what tape it was on and to then read that tape. --dan - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
online MD5 crack database
This website has a large database of MD5 hashes of common passwords:

http://gdataonline.com/

Presumably, as storage continues to get cheaper, this sort of thing will only become easier.

Ways to ameliorate it? Consistently using long (64 bits or more) salts with hashed passwords makes storing such databases much harder, and encouraging the use of far longer passphrases with much more entropy reduces the problem further. Longer hashes are also a good idea.

None of this is new -- I'm just noting that the trend continues apace.

Perry

PS I found the link off of a /. story earlier today
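
The effect of salting on a precomputed hash database, as discussed in the message above, shown as an added example that is not part of the original thread: an unsalted MD5 digest is reversed by one table lookup, while the same password stored with a 64-bit salt is not, and a table covering every salt grows by a factor of 2^salt_bits. The password list is constructed, and the `salt$digest` record format and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed sample list; a real lookup site indexes far more entries.
COMMON_PASSWORDS = ["password", "letmein", "qwerty", "dragon", "123456"]

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_table(words):
    """Precompute digest -> password once; it works against every unsalted hash."""
    return {md5_hex(w.encode()): w for w in words}

def store_unsalted(password: str) -> str:
    return md5_hex(password.encode())

def store_salted(password: str, salt: bytes = None) -> str:
    """Assumed record format for this example: hex(salt) + '$' + md5(salt || password)."""
    salt = os.urandom(8) if salt is None else salt  # 8 bytes = 64-bit salt
    return salt.hex() + "$" + md5_hex(salt + password.encode())

def verify_salted(record: str, candidate: str) -> bool:
    """The legitimate verifier reads the salt from the record and recomputes."""
    salt_hex, digest = record.split("$")
    recomputed = md5_hex(bytes.fromhex(salt_hex) + candidate.encode())
    return hmac.compare_digest(recomputed, digest)

def lookup(table, record: str):
    """All a precomputed database can do: exact match on the stored digest."""
    return table.get(record.split("$")[-1])

def table_entries_needed(n_passwords: int, salt_bits: int) -> int:
    """Covering every salt takes one entry per (salt, password) pair."""
    return n_passwords * 2 ** salt_bits

if __name__ == "__main__":
    table = build_table(COMMON_PASSWORDS)
    print(lookup(table, store_unsalted("letmein")))  # found in the table
    record = store_salted("letmein")
    print(lookup(table, record))                      # not found
    print(verify_salted(record, "letmein"))           # login still works
    print(table_entries_needed(100 ** 8, 12))         # the thread's 4K salts
    print(table_entries_needed(100 ** 8, 64))         # 64-bit salt
```

A salt only defeats precomputation shared across accounts; it does not slow guessing against a single stored record, which is why the message also asks for longer passphrases.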