Very Computer

Drink less coffee.

Seriously, a first run of crack will take a few days.  I routinely
run it on a SparcStation 20 (mostly idle), and it takes more than
a day to run through the password file (~600 entries now).  In fact,
I started it at 2:26pm Jul 18, and it finished at 11:20pm Jul 19.

During the fall/spring semesters we have ~3000 user accounts, and
a first run through the password file takes nearly a week.  Later
runs, however, are quicker.

-Brent

--
---------------------------------------------------------------------------
Brent Burton

Quote:

>>c) Any tips for increasing the speed of Crack?

>Yes: don't use it.  You're much better off installing a replacement for
>/etc/passwd that prevents users from setting easily cracked passwords
>in the first place.

Chris

Here are a couple of questions I have.  If you could help me out with
them or point me to a document which could help me, that would be
fabulous!

a) Since the UNIX passwords on my system are only 8 characters long,
   should I remove all words in the dictionary over 8 characters long?

b) Do you think the performance of UFC-Crypt is worth it's bad memory
   management spoken of in the Crack README?

c) Any tips for increasing the speed of Crack?

Thanks so much,
Dave Clausen

David> a) Since the UNIX passwords on my system are only 8 characters
David> long, should I remove all words in the dictionary over 8
David> characters long?

Even if passwords are only 8 chars long, people may choose to type
more (for example 'whiteboard'). If you remove 'whiteboard' from your
dictionary, you'll miss this one because 'whiteboa' is not (I think)
a regular word and won't be in your dictionary.

A better solution would be to truncate words to eight characters and
then remove duplicates. But once again, this is not a good solution :
people often reverse words, for example 'draobetihw', which will be
taken as 'draobeti' by your computer and won't be found by Crack if
you have truncated your entries.

  Sam
--
"La cervelle des petits enfants, ca doit avoir comme un petit gout de noisette"
                                                       Charles Baudelaire

        - Kevin
--
Kevin Archie                    http://www.alumni.caltech.edu/~karchie

: >Replacing /etc/passwd will certainly solve many problems, but I suspect
: >it may create others :^).

: Don'tcha hate it when the fingers go faster than the brain?  I meant,
: of course, to replace your password program (e.g., /bin/passwd).

:       - Kevin

I dunno, I can come up with some /etc/passwd files that Crack will
zip through quite quickly!  :)

Or you could always just remove a few entries... :)

Lex

Quote:> Here are a couple of questions I have.  If you could help me out with
> them or point me to a document which could help me, that would be
> fabulous!
> a) Since the UNIX passwords on my system are only 8 characters long,
>    should I remove all words in the dictionary over 8 characters long?

Quote:> b) Do you think the performance of UFC-Crypt is worth it's bad memory
>    management spoken of in the Crack README?

Quote:> c) Any tips for increasing the speed of Crack?

Dom

=====================================================================
| It's nice to be important, but it's *important* to suck up to the |
| sysadmin  -- Me                                                   |
=====================================================================

=====================================================================

Don't use Crack. Use a proactive password checker hooked into /bin/passwd
(so that passwords are "checked" against Crack rules as the user *sets* the
new password - no need for encrypting 245,000 words in order to find this
one that matches...).

npasswd 2.0 which does exactly that
(http://uts.cc.utexas.edu/~clyde/npasswd.html for details).
--
                       Szymon Sokol -- Network Manager
U    U M     M M     M University of Mining and Metallurgy, Computer Center
U    U MM   MM MM   MM ave. Mickiewicza 30, 30-059 Krakow, POLAND
U    U M M M M M M M M TEL. +48 (12) 172885, 172894   FAX +48 (12) 338907
 UUUU  M  M  M M  M  M WWW page: http://www.uci.agh.edu.pl/~szymon/

--
    Trey Breckenridge               Mississippi State University/NSF
     -Systems Administrator           ENGINEERING RESEARCH CENTER
     -Database Administrator                     for

 JB> Do you (or anyone) have a suggestion as to what to replace
 JB> /BIN/passwd with that checks for pinheaded passwords?

Here is an announcement for anlpasswd-2.0.  We're using 2.3, available
from the same site.

It required a tiny bit of hacking to get into place on our SunOS 4.1.3
machines, but it was worth it.  If you like perl, I think it's the
best solution.  It wasn't much effort to add chfn and chsh support to
it, either.

Just read the source, and all will be clear.

- --Gordon

- --
Gordon Matzigkeit     |  Heck, it was only a TOASTER... lighten up!

Keyprint: D5 66 08 E0 4D F4 D7 7B 8A C8 8A 9C 7F 39 25 A7 - ID 339ABEB9

======================================================================

           Announcing "ANLpasswd" (formally perl-passwd2).

While other programs check for bad passwords after the fact, it is
important to have good passwords at all times, not just after the
latest Crack run.  To this end we have modified Larry Wall's Perl
password program and added;

        "ypsmarts", so that it does the intelligent thing in an NIS
        environment,

        it allows for gecos changes, and also

        checks a sorted list of all the "bad passwords".

The list of bad passwords are ALL the words that Crack will generate,
given all the dictionaries that we could get our hands on (107 MB of
unique words, so far). The combination of improvements has turned
publicly available code into a powerful tool that can aid sites in the
maintenance of local security.

We have presented this code at SURF 92 and SUG 92.  It has also been
referenced in _Unix Review_.

We have been using it for a year now and haven't had any major
problems.  I know that a couple other sites are also using it.  It
currently runs on: Sun, IBM, NeXT, SGI, Intel iPSC860, Alliant,
Encore, BBN TC200, Solbourne, Sequent.

Also if you enter a reasonable email address to our not-so-anonymous
ftp server, we will notify you of any updates.

It can be anonymous ftp'd from:

        info.mcs.anl.gov

You'll find the whole package in:

        /pub/systems/anlpasswd-2.0.tar.Z

If you find it useful, please let us know.  Also please let us know of
any improvements you may add.

- --Mark
Mark Henderson                                  Building 203  Room C-250
Manager, Advanced Computing                     9700 South Cass Avenue
Argonne National Laboratory                     Argonne, Illinois 60439

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface

iQCVAwUBMDOQECFsfCEzmr65AQHDyAP/Ryg4+k1BlKcfCA5i7OrG7huzZYzOrJEy
wefwQCjHW6PIHFN27ex0IOWR3ixr/URARh7aSczX1uxEO9zYi9ldT4kPj5mx0l5F
bmV4IDkexaJ8Ja4Fw6rZstYI2PAmt3uh7F/WEkFpTLJoJKZwXJDfkfKUzgZMW+F2
BBWvjMEBBM4=
=8h/2
-----END PGP SIGNATURE-----

Thanks in advance,
-Jim

(Please CC via e-mail)
----------------

En Technology, Inc.
78 Elm St., POB 657                             TEL: 603/863-1904
Newport, NH 03773-0657                          FAX: 603/863-9310

--Entropy isn't what it used to be.

Quote:> Greetings!  With a bit of help, I have just installed Crack on my system.
> The problem is, I have a Sequent SE5000 system with 2 Pentium processors,
> and with practically no CPU load besides Crack, Crack has been running
> for 10 hours, and is only on its 13'th passwd entry.  I installed a
> dictionary with 245,000 words.

-Wes

Quote:> Greetings!  With a bit of help, I have just installed Crack on my system.
> The problem is, I have a Sequent SE5000 system with 2 Pentium processors,
> and with practically no CPU load besides Crack, Crack has been running
> for 10 hours, and is only on its 13'th passwd entry.  I installed a
> dictionary with 245,000 words.

-Wes