[gameprogrammer] Algo to break any password?

From: "Kevin Jenkins" <gameprogrammer@xxxxxxxxxx>
To: <gameprogrammer@xxxxxxxxxxxxx>
Date: Sun, 18 Jul 2004 10:24:21 -0700

I was thinking of this last night.  It seems like a way you can beat any
password based security measure.  Please tell me if I'm wrong.

s2c: Encyrption data (nonce, public key, whatever).
c2s: Hash containing the password.

I have a packetsniffer on a router inbetween them.

I don't try to break the hash.  Instead, I run whatever algo the client was
using to generate the hash using every possible password until our hashes
match.  Short of using an algo that takes several minutes to generate a
single hash, I can run through all reasonable passwords pretty quick.  If I
assume the passwords are alpha-numeric then I can do it even faster.

So it seems like a packetsniffer can beat any security measure.  Am I wrong?



---------------------
To unsubscribe go to http://gameprogrammer.com/mailinglist.html

Follow-Ups:
- [gameprogrammer] Re: Algo to break any password?
  - From: Alan Wolfe
- [gameprogrammer] Re: Algo to break any password?
  - From: Paul Smith

References:
- [gameprogrammer] Re: Linux equivalent of CreateDirectory
  - From: Jason Clark
- [gameprogrammer] Frequency table for standard english for huffman encoding tree
  - From: Kevin Jenkins
- [gameprogrammer] Re: Frequency table for standard english for huffman encoding tree
  - From: Alan Wolfe
- [gameprogrammer] Re: Frequency table for standard english for huffman encoding tree
  - From: Kevin Jenkins
- [gameprogrammer] Re: Frequency table for standard english for huffman encoding tree
  - From: Alan Wolfe

[gameprogrammer] Algo to break any password?

Other related posts: