Cryptography Reference
At home, she lets Crack run on her PC for a couple of weeks until she finds a password. She logs into her former employer's system over the network. Next, she looks for a vulnerability in the system (which is often easy for insiders), becomes a superuser, and eventually causes immense damage to that company. Don't think things like this can't happen, because 80% of all known successful attacks on computers originate from current or former employees.
But carelessness dominates. When I got my first Internet access I looked at the password file of the Sun workstation just for fun. Using the UNIX tool grep, I quickly found out that among the users who had no password at all, there were twenty professors. I knew one of them well. I accommodated a little script in his startup file (.profile) that generated the following output:
Dear Mr XYZ,
You have no password at all.
Just think of all the bad people out there!
When I ran into him the next day, he was all excited and told me: 'Imagine what happened! I logged myself into the Sun yesterday, and this output pops up at me,' and I said 'Dear Mr XYZ, You have no ...'. He has had a password ever since.
Some time later, the administrator ran Crack on this Sun and removed all faults. I was proud that Crack hadn't guessed my password.
The successes of Crack are surprising. In general, about 20% of all passwords are guessed. This shows clearly how much a cryptologically excellent method (namely the UNIX password encryption) is worth when there's something wrong in the environment (in the above case, the key selection). The fact that a fast computer may have to work for a week changes nothing in what's been said: such an effort is worthwhile for a criminal attacker.
Crack is popular and performs well. This issue actually belongs to Chapter 7, but it demonstrates very impressively how intelligently one can mount a meaningful brute-force attack. [2]
Current UNIX and Linux systems protect themselves against Crack attacks by storing the encrypted passwords in a separate file called /etc/shadow, which the regular user can't read, and no longer in /etc/passwd. In addition, many login
[2] We will learn another possibility called 'time-memory tradeoff' in Section 4.4.1.
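
The two environment faults described above (accounts with no password at all, and password hashes kept where every user can read them) can be checked by an administrator with a short audit script. This is an added example, not code from the book; the function names, finding labels and sample files are assumptions constructed for illustration.

```shell
# Added example (not from the book): defensive audit of passwd/shadow-format files.

# audit_accounts PASSWD_FILE SHADOW_FILE: prints one finding per line as "<FINDING> <user>".
audit_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { shadow[$1] = $2; next }  # shadow: user -> password field
        NF < 7              { next }                   # skip malformed passwd lines
        $2 == ""            { print "EMPTY_IN_PASSWD", $1; next }  # no password at all
        # Anything but "x" is either a lock marker (* or !) or a hash that any user can read.
        $2 != "x"           { if ($2 !~ /^[*!]/) print "HASH_IN_PASSWD", $1; next }
        !($1 in shadow)     { print "NO_SHADOW_ENTRY", $1; next }
        shadow[$1] == ""    { print "EMPTY_IN_SHADOW", $1 }
    ' "$2" "$1"
}

# readable_by_others FILE: succeeds if the "other" read bit is set on FILE.
readable_by_others() {
    case $(ls -ld -- "$1" | cut -c1-10) in
        ???????r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# make_sample DIR: writes constructed sample files (no real accounts or hashes).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:/usr/sbin/nologin
prof1::1001:100:constructed:/home/prof1:/bin/sh
alice:x:1002:100:constructed:/home/alice:/bin/sh
bob:CONSTRUCTEDHASH:1003:100:constructed:/home/bob:/bin/sh
carol:x:1004:100:constructed:/home/carol:/bin/sh
dave:x:1005:100:constructed:/home/dave:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:!:19000:0:99999:7:::
alice::19000:0:99999:7:::
carol:CONSTRUCTEDHASH:19000:0:99999:7:::
EOF
    chmod 644 "$1/passwd"; chmod 600 "$1/shadow"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
readable_by_others "$demo_dir/shadow" && echo "WORLD_READABLE $demo_dir/shadow"
rm -rf "$demo_dir"
```

On a real system the same functions would be pointed at /etc/passwd and /etc/shadow by an administrator with read access to both.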