From altavista usenet search with terms +md5 +rc4 +word
Re: a question about time and DES cracking
From "John E. Kuslich" <johnk@crak.com>
Organization CRAK Software www.crak.com
Date Fri, 09 Apr 1999 13:06:08 -0600
Newsgroups sci.crypt
Message-ID <370E4FA0.98527C93@crak.com>
References 1 2 3
Not true if you have special hardware to do the brute force crack AND you approach
the problem properly.
Take Word 8 and Excel 8 for instance. There are many many more passwords than
there are keys. The RC4 encryption and MD5 (modified) hash used here result in a
key space of 40 bits but a password space that is zillions of times larger. True,
some of the passwords are duplicates, but not enough so that a brute force
password search is not ridiculous.
A key search, on the other hand, is a very reasonable proposition given the proper
hardware. At CRAK Software we can search the entire Word 8 and Excel 8 keyspace
at a rate of a few million keys per second. This gives an exhaustive search for
all possible keys in a few days. Adios 40 bit RC4 encryption!
Visit http://www.crak.com for details on how it is done.
JK
Sundial Services wrote:
> Steve wrote:
> >
> > The length of time required depends on the cracks/second that John is
> > running at and the keyset & keylength that you are running at.
> > i.e.:
> >
> > running at 50k cracks/second
> > 1-6 character passwords, all lowercase: time in seconds = 26^6/50000
> > figure it out.
> > >
> > >i'm running john the ripper DES cracker on my home linux password file.
> > >
> > >i have to say that i'm extremely surprised to see how slowly the
> > >incremental cracker works. it's been working for weeks, and i've only
> > >obtained about 10 cracked passwords.
> > >
> > >does anybody know any order of magnitude estimates on unix password hacking
> > >and time on a typical pentium II/300? are we talking decades, years or
> > >months?
>
> It sounds like DES is doing its job. Brute-force cracking of any
> reasonable password scheme is truly a waste of time.
--
CRAK Software (Password Recovery Software)
Http://www.crak.com
johnk@crak.com
602 863 9274 or 1 800 505 2725 In the USA
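Added example, not part of the original post or of CRAK Software's code: a small calculator for the point made above, that the attacker's work is bounded by the smaller of the password space and the key space. The 3,000,000 keys/second rate is an assumed stand-in for "a few million keys per second", and the function names are hypothetical. Password counts include every length from 1 up to the maximum.

```python
import math

def password_space(charset_size, max_len, min_len=1):
    """Count passwords of length min_len..max_len over a charset."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def exhaustive_seconds(space, rate_per_sec):
    """Worst-case time to try every candidate at a fixed rate."""
    return space / rate_per_sec

def effective_bits(charset_size, max_len, key_bits):
    """Work factor in bits: the cheaper of password search and key search."""
    return min(math.log2(password_space(charset_size, max_len)), key_bits)

def crossover_length(charset_size, key_bits):
    """Shortest maximum password length at which the password space
    exceeds the key space, so longer passwords add no strength."""
    n = 1
    while password_space(charset_size, n) <= 2 ** key_bits:
        n += 1
    return n

def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:.2f} {unit}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    KEY_BITS = 40            # key space stated in the post
    KEY_RATE = 3_000_000     # assumed value for "a few million keys per second"
    PW_RATE = 50_000         # rate used in the quoted message

    print("1-6 lowercase at 50k/s:",
          human(exhaustive_seconds(password_space(26, 6), PW_RATE)))
    print("full 40-bit key search:",
          human(exhaustive_seconds(2 ** KEY_BITS, KEY_RATE)))
    for charset, label in ((26, "lowercase"), (95, "printable ASCII")):
        n = crossover_length(charset, KEY_BITS)
        print(f"{label}: password space exceeds 2^{KEY_BITS} at max length {n}")
    print("effective bits, 10-char printable ASCII:",
          effective_bits(95, 10, KEY_BITS))
```

For a defender, the last line is the one that matters: once the password space passes the crossover length, a stronger password no longer raises the cost of recovering the document, because the key itself is the shorter search.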