Slashdot Mirror


The Death Throes of crypt()

dex writes "Tom Perrine and Devin Kowatch of the San Diego Supercomputer Center have issued "Teracrack: Password cracking using TeraFLOP and PetaByte Resources" (PDF, HTML version via Google). Using SDSC's prodigious computing facilities, they precomputed 207 billion crypt() hashes in 80 minutes."

27 of 388 comments

  1. But... by jchawk · · Score: 5, Funny

    Unless they release these hashes out into the wild, the average cracker/hacker does not have access to this type of resource...

    Definitely cool though for proof of concept!

  2. Need more power by pvt_medic · · Score: 4, Funny

    80 Minutes? Obviously we just are not using enough power.

    --
    30% Troll, 50% Underrated, 10% Interesting
    Score:5, Troll
    1. Re:Need more power by grub · · Score: 5, Funny


      Obviously we just are not using enough power.

      Yup, if they ran this on the 220-230V systems in Europe this would have taken only 40 minutes. :)

      --
      Trolling is a art,
    2. Re:Need more power by TobiasSodergren · · Score: 2, Funny

      I thought it was because of the time zones.. You can start a little earlier in Europe ;)

    3. Re:Need more power by Anonymous Coward · · Score: 1, Funny

      210, 220, whatever it takes

  3. Re:A testament to crypt() by Leffe · · Score: 5, Funny

    Not many pieces of code will be able to boast that lifespan.

    10 PRINT "HELLO WORLD"

    The most secure piece of code, even on Microsoft(r) Windows(tm) platforms.

    I've also got a question; What is the default/general password encryption scheme used in most GNU/Linux distributions? DES? Is DES an algorithm or a collection or interface or something... I don't know anything :(

    I did write a program that worked exactly as crypt did though, it included certain unspoken functions from -lcrypt, especially one named crypt.

  4. Re:Need better crypto by Mikey+Hawk · · Score: 2, Funny

    I think the answer to that question is obvious, guy.

  5. Proof that this was MEANT to happen! :-P by Wyzard · · Score: 5, Funny

    Clearly, crypt() was meant to die: just look at its name!

    As Schneier says on the first page of Chapter 1 of "Applied Cryptography",

    (If you want to follow the ISO 7498-2 standard, use the terms "encipher" and "decipher". It seems that some cultures find the terms "encrypt" and "decrypt" offensive, as they refer to dead bodies.)

  6. ftp site seems slow by morcheeba · · Score: 5, Funny

    They've got the tables on their ftp server, but it seems slashdotted because it's going really slow... my computer says "downloaded 4194304 bytes of 1209462790550 bytes (0.00034%)"

    Anyone have a bit torrent for this thing?

  7. Re:crypt() not necessarily the crypt algorithm by Cynicx · · Score: 2, Funny

    340282366920938463463374607431768211456 is a rough guesstimate [16^32] :-)

  8. Too Late by sirReal.83. · · Score: 5, Funny

    I've already rooted all your boxen and converted them to a worldwide Beowulf cluster.

    Time to crack some pr0n passwords...

  9. they fear the /. effect by PxT · · Score: 3, Funny

    Heheh... the paper actually talks about them putting a searchable front-end to the results online but then says they decided not to, in part due to the "dreaded 'slash-dot' effect". Nice.

  10. Re:Perhaps not by iamnotaclown · · Score: 2, Funny
    • If I understand the article correctly, they're using serious computer power to develop a database of all passwords and their resulting hashes.
    Look for it on eBay. Coming soon, to a 733t h4x0r near you!
  11. How are they storing the results? by Anonymous Coward · · Score: 1, Funny

    And now the important question,
    are they storing it in MySQL or Postgres???

  12. Re:A testament to crypt() by Anonymous Coward · · Score: 2, Funny

    "What is the default/general password encryption scheme used in most GNU/Linux distributions? "

    Who cares? It's not like anybody is running anything critical on it.

    That's what Windows 98se is for...

  13. Re:So much for longer passwords being more secure? by thedillybar · · Score: 5, Funny

    Well, for starters, you should avoid telling people the length of your password...

  14. That's what I like to see... by dmccartney · · Score: 5, Funny
    From the article:
    In cases where two sets of options produced insignificantly different speeds, a physical binary decision device (U.S. quarter coin) was flipped to determine which would be used.
    That had to be fun for them to write up.
    I am going to go convert two of my physical binary decision devices into a cup of coffee.
  15. Re:A testament to crypt() by panaceaa · · Score: 4, Funny

    20 GOTO 10

    Haha! Now it's a denial of service algorithm! Bet you wish you had

    11 END

    now, eh?

  16. "Physical Binary Decision Device" by Isao · · Score: 2, Funny

    A quarter.

    1. Re:"Physical Binary Decision Device" by Laplace · · Score: 2, Funny

      Oh yeah, a quarter. High roller; fat cat throwing your money about. A penny works just as well for me.

      --
      The middle mind speaks!
  17. Re:Proof that this was MEANT to happen! :-P by Tony+Hoyle · · Score: 1, Funny

    Zombies, demons, crypt, etc.

    Were all the original unix inventors Goths?

  18. Encryption and Big Brother by lisany · · Score: 2, Funny

    It's stories like this that remind us that Big Brother would chew through any encryption a user might have.

    "Oh, 2048 bits? *yawn* We'll have the results for you in a month."

  19. Re:A testament to crypt() by crawling_chaos · · Score: 2, Funny

    Considering the speed of most ATMs and other critical systems, I'm of the opinion that most "critical" systems are running on a PDP-1, which is periodically taken down so that the operators can have a rousing game of Spacewar.

    --
    You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
    -- Colonel Adolphus Busch
  20. Re:Proof that this was MEANT to happen! :-P by Anonymous Coward · · Score: 1, Funny

    Where were they when we started calling things "master" and "slave" ?

  21. Re:Perhaps not by warkda+rrior · · Score: 3, Funny

    What's your IP?

    --
    You need to install an RTFM interface.
  22. Dying by RedHat_Linux_Man · · Score: 2, Funny

    Looks like it's the crypt for crypt(). I couldn't resist, someone had to say it.

  23. Or even easier... by Trejkaz · · Score: 2, Funny
    --
    Karma: It's all a bunch of tree-huggin' hippy crap!