USENIX Technical Program - Abstract - Security Symposium 99
Brute Force Attack on UNIX Passwords with SIMD Computer
Gershon Kedem and Yuriko Ishihara, Computer Science Department, Duke University
As computer technology improves, the security of specific ciphers and one-way
hash functions periodically must be reevaluated in light of new technological
advances. In this paper we evaluate the security of the UNIX password scheme.
We show that the UNIX password scheme is vulnerable to brute-force attack.
Using PixelFlow, a SIMD parallel machine, we are able to "crack" a large
fraction of passwords used in practice  in 2-3 days of computation.
We explain how a SIMD machine built in today's technology could "crack"
any UNIX password in two days. We also describe in this paper a simple
modification to the UNIX password scheme that makes it harder to break
encrypted passwords using dictionary and brute force attack, thus extending
the useful life of the UNIX password scheme. The modified password scheme
is compatible with the existing password scheme.
- View the full text of this paper in
HTML form and PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.