[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    ANNOUNCE: Crack v5.0a available...
From:       Alec Muffett <alecm () crypto ! dircon ! co ! uk>
Date:       1996-12-21 2:13:35
[Download RAW message or body]

Eschewing the media-friendly hype which surrounded the release of
SATAN some time ago (Hi Dan!) and bemused by the fact that some of the
code he wrote years ago has since crept into the Linux-based operating
system of the machine he is composing this message on (as a standard
part of the authentication libraries, no less) - the author is pleased
to announce the release of:

                  Crack v5.0a - The Password Cracker
             Crack v6.0 - The Minimalist Password Cracker
           Crack v7.0 - The Brute-Forcing Password Cracker

                           available from:

                http://www.users.dircon.co.uk/~crypto/

(just like a London bus, you wait ages and then three turn up at once)


In the expectation that some kind soul will be good enough to retrieve
copies and place them up for FTP at various well-connected mirror
sites (the sundry CERTs, COAST, et al), the MD5 checksum for the first
distribution is:

                   6511dca525b7b921ea09eca855cc58f2

- but please be patient if you *do* suffer problems downloading; it's
not like Crack is a new piece of technology, so you shouldn't panic
about upgrading.


NOTE: Discussion of issues relating to running this version of Crack
should be directed to the newsgroup "comp.security.unix" - mention
"Crack5" in the subject line.


        - alec

------------------------------------------------------------------

New features.

   * Complete restructuring - uses less memory

   * Ships with Eric Young's "libdes" as standard

   * API for ease of integration with arbitrary crypt() functions

   * API for ease of integration with arbitrary passwd file format

   * Considerably better gecos-field checking

   * More powerful rule sets

   * Ability to read dictionaries generated by external commands

   * Better recovery mechanisms for jobs interrupted by crashes

   * Easier to control (eg: to put to sleep during working hours)

   * Bundled with Crack6 (minimalist password cracker)

   * Bundled with Crack7 (brute force password cracker)

   * Tested on Solaris, Linux, FreeBSD, NetBSD, OSF and Ultrix

----------------------------------------------------------------------------

Requirements.

   * Unix-like operating system.

   * C Compiler.

   * Moderate amount of disk space.

   * Lots of CPU time.

   * PERMISSION FROM YOUR SYSADMIN.

   * Root-privileges, quite possibly.

   * "gzip" is extremely desirable.

   * "perl", if networking/multiprocessing.

------------------------------------------------------------------

<diatribe>
ps: I'm quite aware that with the release of a new version of Crack
there is bound to be some small amount of controversy generated,
particularly from the more "postmodernist" members of the hacker
community who will probably denigrate my humble efforts as being
"passe" and "nothing new or interesting".

What they actually mean is that the methods employed by "Crack" are
well-understood (at least by themselves) - no longer sexy, and that it
is immensely sad that we still suffer a situation where password
cracking is still a pretty effective way of breaking into systems,
more than 5 years after I first posted Crack in July 1991.

With this, I agree.

Even so, this is no reason to say that a new release of Crack is
"pointless"; for one thing I would point out that it is precisely
because of the availability of Crack that password cracking is "passe"
in the community, and as the prime mover behind this change, I feel I
am perfectly entitled to waste my spare time in any way I want,
including in the provision of a newer version.

Secondly, things will not continue to improve unless an evolutionary
pressure pewrsists to make people *want* to improve their security;
Crack 4.1 was starting to get a bit dog-eared around some of the newer
operating systems, and it was time for an update.

So it is on that basis that I release this new verion.
</diatribe>

--
                    alec muffett, oxford, england
          please reply to: "alecm" at "crypto.dircon.co.uk"
                http://www.users.dircon.co.uk/~crypto/

[prev in list] [next in list] [prev in thread] [next in thread]