Great Circle Associates Firewalls
(February 1994)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Crack'ified npasswd
From: morgan @ engr . uky . edu (Wes Morgan)
Date: Mon, 14 Feb 94 09:51:18 EST
To: Firewalls @ GreatCircle . COM, paul @ uxc . cso . uiuc . edu

>If my experience with folding CrackLib-2.5 into the CSO Nameserver package
>is any guide, adding the Crack rules makes a password checker too strict with
>insufficient feedback to the user.  
>For me npasswd is part of an indepth defense.  First someone has to get
>a copy of my shadow password files before they can run crack.  Ideally
>what npasswd does for me is eliminate easily guessed passwords.  For that
>the 90% level is fine and eliminates most user resistance.

I've had rather high success rates with the "genp" program, which I 
picked up on the net some years ago.  It builds rather nonsensical,
but pronuncible/memorizable passwords.  As a test, I generated 5000
passwords with genp and ran them through Crack 4.1; with the stan-
dard dictionary, it was only able to break 2 passwords.

Here is a quick sample of genp's output:

	nimixflor kowfleze tovuja nisnarsnow nixpaygi fortusmoy 
	knorfloupou shalsterknax coychouflou daitabax

Interested parties may contact me via email for the source code;
it's 112 lines of C code.


Indexed By Date Previous: Re: Can you print from a chroot'd process?
From: Barney Wolff <barney @ databus . com>
Next: Re: Can you print from a chroot'd process?
From: papowell%dickory @ sdsu . edu (Patrick Powell)
Indexed By Thread Previous: Re: Crack'ified npasswd
From: Brad Huntting <huntting @ advtech . uswest . com>
Next: Can you print from a chroot'd process?
From: John Gibbins <johng @ weema . chi . uwa . edu . au>

Search Internet Search