http://www.openwall.com/lists/oss-security/2012/01/16/2
Alexander
----- Forwarded message from Solar Designer <solar@openwall.com> -----
Date: Tue, 25 Jan 2011 17:51:43 +0300
From: Solar Designer <solar@openwall.com>
To: Theodore Ts'o <tytso@mit.edu>
Subject: pwgen: non-uniform distribution of passwords
On Tue, Jan 17, 2012 at 02:01:38PM +0400, Solar Designer wrote:
> Time running (D:HH:MM) - Keyspace searched - Passwords cracked
> 0:00:02 - 0.0008% - 6.0%
> 0:01:00 - 0.025% - 19.5%
> 0:20:28 - 0.5% - 39.1%
> 1:16:24 - 1.0% - 47.1%
> 3:00:48 - 1.8% - 55.2%
> 3:21:44 - 2.3% - 59.4%
> 5:05:17 - 3.1% - 64.2%
...
On Thu, Jan 19, 2012 at 11:34:12PM +0400, Solar Designer wrote:
> $ ./pwgen -1cn 8 1000000000 | dd obs=10M > 1g
...
> $ time ~/john/john-1.7.9-jumbo-5/run/unique -v -mem=25 1gu < 1g
> Total lines read 1000000000 Unique lines written 697066573
Here's some further analysis of the 1 billion sample used as a training
set along with a separate 1 million sample used as a test set:
Applying the 697 million unique passwords (from the 1 billion sample
newer OpenSSH:
http://www.openwall.com/lists/oss-security/2008/05/27/4
--
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-1883
Solar Designer discovered a missing capability check in the
z90crypt driver on s390 systems. This vulnerability may allow
a local user to gain elevated privileges.
CVE-2009-2909
wget N/A
libwww-perl >= 5.835
Credit: Vulnerability discovered and reported by Hank Leininger and Solar
Designer under the Openwall Project, with further analysis by
Daniele Bianco of oCERT.
CVE: N/A
Timeline: