The Death Throes of crypt()

dex writes "Tom Perrine and Devin Kowatch of the San Diego Supercomputer Center have issued "Teracrack: Password cracking using TeraFLOP and PetaByte Resources" (PDF, HTML version via Google). Using SDSC's prodigious computing facilities, they precomputed 207 billion crypt() hashes in 80 minutes."

But...

[jchawk]

Unless they release these hashes out into the wild, the average cracker/hacker does not have access to this type of resource...

Definately cool though for proof of concept!

Need more power

[pvt_medic]

80 Minutes? Obviously we just are not using enough power.

Re:Need more power

[grub]

Obviously we just are not using enough power.

Yup, if they ran this on the 220-230V systems in Europe this would have taken only 40 minutes. :)

Re:A testament to crypt()

[Leffe]

Not many pieces of code will be able to boast that lifespan.

10 PRINT "HELLO WORLD"

The most secure piece of code, even on Microsoft(r) Windows(tm) platforms.

I've also got a question; What is the default/general password encryption scheme used in most GNU/Linux distributions? DES? Is DES an algorithm or a collection or interface or something... I don't know anything :(

I did write a program that worked exactly as crypt did though, it included certain unspoken functions from -lcrypt, especially one named crypt.

Re:Need better crypto

[Mikey Hawk]

I think the answer to that question is obvious, guy.

Proof that this was MEANT to happen! :-P

[Wyzard]

Clearly, crypt() was meant to die: just look at its name!

As Schneier says on the first page of Chapter 1 of "Applied Cryptography",

(If you want to follow the ISO 7498-2 standard, use the terms "encipher" and "decipher". It seems that some cultures find the terms "encrypt" and "decrypt" offensive, as they refer to dead bodies.)

ftp site seems slow

[morcheeba]

They've got the tables on their ftp server, but it seems slashdotted because it's going really slow... my computer says "downloaded 4194304 bytes of 1209462790550 bytes (0.00034%)"

Anyone have a bit torrent for this thing?

Re:crypt() not necessarily the crypt algorithm

[Cynicx]

340282366920938463463374607431768211456 is a rough guestimate [16^32] :-)

Re:Need more power

[TobiasSodergren]

I thought it was because of the time zones.. You can start a little earlier in Europe ;)

Too Late

[sirReal.83.]

I've already rooted all your boxen and converted them to a worldwide Beowulf cluster.

Time to crack some pr0n passwords...

they fear the /. effect

[PxT]

Heheh... the paper actually talks about them putting a searchable front-end to the results online but then says they decided not to, in part due to the "dreaded 'slash-dot' effect". Nice.

Re:Perhaps not

[iamnotaclown]

• If I understand the article correctly, they're using serious computer power to develop a database of all passwords and their resulting hashes.

Look for it on eBay. Coming soon, to a 733t h4x0r near you!

How are they storing the results?

[Anonymous Coward]

And now the important question,
are they storing it in MySQL or Postgres???

Re:A testament to crypt()

[Anonymous Coward]

"What is the default/general password encryption scheme used in most GNU/Linux distributions? "

Who cares? Its not like anybody is running anything critical on it.

That's what Windows 98se is for...

Re:So much for longer passwords being more secure?

[thedillybar]

Well, for starters, you should avoiding telling people the length of your password...

That's what I like to see...

[dmccartney]

From the article:

In cases where two sets of options produced insignificantly different speeds, a physical binary decision device (U.S. quarter coin) was flipped to determine which would be used.

That had to be fun for them to write up.
I am going to go convert two of my physical binary decision devices into a cup of coffee.

Re:Need more power

[Anonymous Coward]

210, 220, whatever it takes

Re:A testament to crypt()

[panaceaa]

20 GOTO 10

Haha! Now it's a denial of service algorithm! Bet you wish you had

11 END

now, eh?

"Physical Binary Decision Device"

[Isao]

A quarter.

Re:Proof that this was MEANT to happen! :-P

[Tony Hoyle]

Zombies, demons, cyrpt, etc.

Were all the original unix inventors Goths?

Re:"Physical Binary Decision Device"

[Laplace]

Oh yeah, a quarter. High roller; fat cat throwing your money about. A penny works just as well for me.

Encryption and Big Brother

[lisany]

Its stories like this that remind us that Big Brother would chew through any encryption a user might have.

"Oh, 2048 bits? *yawn* We'll have the results for you in a month."

Re:A testament to crypt()

[crawling_chaos]

Considering the speed of most ATMs and other critical systems, I'm of the opinion that most "critical" systems are running on a PDP-1, which is periodically taken down so that the operators can have a rousing game of Spacewar.

Re:Proof that this was MEANT to happen! :-P

[Anonymous Coward]

Where were they when we started calling things "master" and "slave" ?

Re:Perhaps not

[warkda rrior]

What's your IP?

Dying

[RedHat_Linux_Man]

Looks like its the crypt for crypt() I couldn't resist, someone had to say it.

Or even easier...

[Trejkaz]

Simply walk out the building with the entire mainframe! [slashdot.org]