[Gllug] I have forgotten my root password, I am a muppet.

tet at accucard.com tet at accucard.com
Thu Sep 6 11:18:45 UTC 2001


>> All true. However, one thing cracking tools will *not* do is crack a
>> root password set by even a semi competent sysadmin on an important
>> machine. This will be non dictionary based and a mix of numbers, upper
>> and lower case.
>>
>
>Still pretty crackable, given a few hours and a fast machine.

No, not really. After 4 days, John The Ripper had still failed to crack
my password on a PIII 950, at which point, I decided it was probably
secure enough, and gave up. Brute force still isn't feasible, even on
a standard Unix 8 character password, without a fairly hefty distributed
attack. All you have to do is come up with a password that's suitably
obscure that cracking programs can't make intelligent guesses. If they
have to rely on brute force, then to all intents and purposes, you're
safe (at least for now).

Tet

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list