>>Perhaps a bit, but not too much. The passwords in /etc/passwd are encrypted
>>through one-way DES encryption. It's much easier to simply guess users'
>>passwords, the majority of which are first-names or first-names followed
>>by a number.
>>
> Actually, cracking a unix passwd file is quite easy, even for those
>with minimal computer knowledge. With widely available programs like Crack
>(UNIX), Crakerjack (DOS), and root_crack(DOS) anybody with a CPU >386 can
>crack the DES encryption with a bit of time.
My understanding of this situation (and please correct me if I'm wrong) is that the crypt() routine used by passwd is a truly one-way hashing algorithm, i.e. there simply is no way to go from an encrypted password back to the original.

Actually, I seem to remember reading that the crypt routine uses the password in combination with a "random" (based on time of day) string of bits (called the "salt", can't remember the length, I think it was 12 bits, giving 4096 possible encryptions of any given string), and that it uses this new salt+password as its key in encrypting a string of 0's.

Given this, the only way to crack the passwords is to compile a dictionary of possible passwords, by taking all the likely strings to be used as passwords and encrypting each one 4096 times, once for each salt. Once you have this dictionary made, it can be distributed to anyone to use as the foundation of their crack attack, but if you wish to hack someone personally, i.e. by checking their first name, etc., you'll have to add these to the dictionary (unless common names are also part of the original dictionary).

And it should be plain how anyone with reasonable password-selection skills can be pretty much immune to this attack, e.g. by using non-word strings, by having punctuation, by varying the case of your characters, etc. If the max passwd length is 8 bytes, then at a quick estimate it seems that there are 256^8 * 4096 different possible passwords...?

I think this is a fascinating subject, I hope I haven't gotten it too wrong. Please reply with corrections.

Thanks,
Steve
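A worked model of the attack Steve describes, added here as an example and not part of either post in the thread. The 12-bit salt (two characters from a 64-character alphabet, stored as the first two characters of the hash), the precomputed 4096-salts-per-word dictionary, and the cheaper per-user attack that needs only the one public salt are modelled as described. The function `crypt_like()` is an assumption: it is a SHA-256 stand-in with the same shape as the real DES crypt(3) output (2 salt characters plus 11 hash characters), not the DES algorithm itself, chosen so the script runs offline without a DES implementation. It does keep two real crypt(3) properties that matter for the keyspace estimate: only the first 8 characters of the password are used, and only the low 7 bits of each (the DES key is 8 x 7 = 56 bits, so the space of distinct keys is 128^8, not 256^8, and since the salt is stored in clear beside the hash it multiplies the precomputation cost but not the search cost against a single user). The /etc/passwd lines, user names and word list are constructed for the demo.

```python
"""
Toy model of a salted crypt(3) dictionary attack (example code for this
thread; crypt_like() is a SHA-256 stand-in for DES crypt, not the real thing).
"""
import hashlib
import itertools
import string

# crypt(3) salt alphabet: 64 characters. Two of them per hash = 12 bits.
SALT_CHARS = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
assert len(SALT_CHARS) == 64


def all_salts():
    """Every two-character salt: 64 * 64 = 4096 possibilities."""
    return [a + b for a, b in itertools.product(SALT_CHARS, repeat=2)]


def crypt_like(password: str, salt: str) -> str:
    """Stand-in for crypt(3) (ASSUMPTION: SHA-256, not DES).
    Mirrors the real key derivation: first 8 characters only, low 7 bits
    of each, so 'abcdefghXYZ' and 'abcdefgh' collide exactly as in DES crypt.
    Output: the 2 salt characters followed by 11 characters from the same
    64-character alphabet, i.e. the 13-character shape of a DES crypt hash."""
    salt = salt[:2]
    key = bytes(ord(c) & 0x7F for c in password[:8])
    digest = hashlib.sha256(salt.encode() + b"\x00" + key).digest()
    return salt + "".join(SALT_CHARS[b & 63] for b in digest[:11])


def build_dictionary(words, salts=None):
    """The distributable precomputed dictionary: every word encrypted under
    every salt, keyed by the resulting hash. Cost: 4096 * len(words) crypts."""
    salts = salts if salts is not None else all_salts()
    table = {}
    for salt in salts:
        for w in words:
            table[crypt_like(w, salt)] = w
    return table


def crack_entry(passwd_line: str, table: dict):
    """Untargeted attack: one dictionary lookup per /etc/passwd line.
    Returns the password, or None if the hash is not in the table."""
    hash_field = passwd_line.split(":")[1]
    return table.get(hash_field)


def crack_targeted(passwd_line: str, candidates):
    """Targeted attack on one user: the salt is public (first two characters
    of the hash), so each candidate costs one crypt, not 4096."""
    hash_field = passwd_line.split(":")[1]
    salt = hash_field[:2]
    for cand in candidates:
        if crypt_like(cand, salt) == hash_field:
            return cand
    return None


def keyspace_bits(max_len: int = 8, bits_per_char: int = 7, salt_bits: int = 12):
    """(search space an attacker must cover for one user, precomputation
    multiplier). The salt enlarges only the second: it is stored in clear."""
    return max_len * bits_per_char, salt_bits


# Constructed sample /etc/passwd lines; hashes were made with the stand-in.
SAMPLE_PASSWD = [
    "alice:" + crypt_like("alice1", "ab") + ":1001:1001:Alice:/home/alice:/bin/sh",
    "bob:" + crypt_like("Xq!7vB2p", "Zz") + ":1002:1002:Bob:/home/bob:/bin/sh",
]
# Constructed word list of the "first name, first name plus digit" kind.
WORDLIST = ["alice", "alice1", "bob", "bob1", "steve", "steve1", "password", "secret"]


if __name__ == "__main__":
    table = build_dictionary(WORDLIST)
    print("dictionary entries:", len(table), "=", len(WORDLIST), "words x 4096 salts")
    for line in SAMPLE_PASSWD:
        user = line.split(":")[0]
        print(user, "->", crack_entry(line, table), "(dictionary)",
              crack_targeted(line, WORDLIST), "(targeted)")
    print("per-user search bits, precomputation multiplier bits:", keyspace_bits())
```

Running it shows `alice` falling to both attacks and `bob` surviving both, because `Xq!7vB2p` is in neither the word list nor the precomputed table; the point of the 4096-salt table is that it costs 4096 times more to build than a single-salt table, but once built it cracks any user whose password is in the list with a single lookup.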