Cryptography Reference
At home, she lets Crack run on her PC for a couple of weeks until she finds a
password. She logs into her former employer's system over the network. Next,
she looks for a vulnerability in the system (which is often easy for insiders),
becomes a superuser, and eventually causes immense damage to that company.
Don't think things like this can't happen, because 80% of all known successful
attacks on computers originate from current or former employees.
But carelessness dominates. When I got my first Internet access, I looked at the
password file of the Sun workstation just for fun. Using the UNIX tool grep, I
quickly found out that among the users who had no password at all, there were
twenty professors. I knew one of them well. I accommodated a little script in
his startup file (.profile) that generated the following output:
Dear Mr XYZ,
You have no password at all.
Just think of all the bad people out there!
When I ran into him the next day, he was all excited and told me: 'Imagine
what happened! I logged myself into the Sun yesterday, and this output pops
up at me,' and I said 'Dear Mr XYZ, You have no ...'. He has had a password
ever since.
Some time later, the administrator ran Crack on this Sun and removed all
faults. I was proud that Crack hadn't guessed my password.
The successes of Crack are surprising. In general, about 20% of all
passwords are guessed. This shows clearly how much a cryptologically excellent
method (namely the UNIX password encryption) is worth when there's
something wrong in the environment (in the above case, the key selection). The fact
that a fast computer may have to work for a week changes nothing in what's
been said: such an effort is worthwhile for a criminal attacker.
Crack is popular and performs well. This issue actually belongs to Chapter 7,
but it demonstrates very impressively how intelligently one can mount a
meaningful brute-force attack.[2]
Current UNIX and Linux systems protect themselves against Crack attacks by
storing the encrypted passwords in a separate file called /etc/shadow, which the
regular user can't read, rather than in /etc/passwd. In addition, many login
[2] We will learn another possibility called 'time-memory tradeoff' in Section 4.4.1.
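An added example, not from the book: a Python audit of passwd- and shadow-format account data for the two weaknesses described above, accounts with no password at all and hashes still stored in the world-readable file. The sample account lines are constructed, and the function names are this example's own.

```python
# Added example: account names, hashes and function names are constructed.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
prof1::1001:100:Professor One:/home/prof1:/bin/sh
olduser:ab1Qz9xK2pLmE:1002:100:Old User:/home/olduser:/bin/sh
alice:x:1003:100:Alice:/home/alice:/bin/sh
bob:x:1004:100:Bob:/home/bob:/bin/sh
daemon:*:1:1:daemon:/:/usr/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
alice::19000:0:99999:7:::
bob:!:19000:0:99999:7:::
"""


def parse(text):
    """Map user name -> password field (2nd colon-separated field)."""
    fields = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and not parts[0].startswith("#"):
            fields[parts[0]] = parts[1]
    return fields


def audit(passwd_text, shadow_text=""):
    """Return (user, finding) pairs in passwd order."""
    shadow = parse(shadow_text)
    findings = []
    for user, field in parse(passwd_text).items():
        in_shadow = field == "x"          # "x" means: look in the shadow file
        if in_shadow:
            if user not in shadow:
                findings.append((user, "no shadow entry"))
                continue
            field = shadow[user]
        if field == "":
            findings.append((user, "empty password"))
        elif field[0] not in "*!" and not in_shadow:
            # A real hash in the world-readable file can be attacked offline.
            findings.append((user, "hash readable in passwd"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {finding}")
```

Entries whose password field starts with "*" or "!" are treated as locked and are not reported.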