Reverting to old tricks, brute force attacks can allow you to decrypt password files on your own time, on your own terms. Even with your meager account you should be able to copy an encrypted password file off a machine you've hacked and onto a safer one. At the very least, you should be able to view the contents of a password file, even though it is encrypted.
Then you compile a copy of the decryption software, altering it so it will read in a word from a specially-prepared dictionary file, use that as a key, and print the result. UNIX source code listings are available for every facet of the OS. Even if you can't get a decryptor of the type used by the computer to code the password (and other) files, you can still go to the manual, see which encryption algorithm is used, and write a program yourself that follows that algorithm. Brute forcing encryption keys on a password file is much faster than forcing one's way onto the system in the first place. Soon you should have found a key that unlocks the code, and soon you will have the superuser password!
Brute force may not always be a necessity. There is reportedly a well-known inversion to the encryption algorithm used on certain OSs, includ-ing older versions of VMS. Sorry to say, I don't know exactly what this inversion method is. I do know there are ways to algorithmically reverse the effects of a "crypt" command in
UNIX. That com-mand uses the World War 11 Enigma coding algo-rithm, which was devious for its time but no match for modern supercomputers. Sure, it still takes a while to do the inversion, but it is possible to do it if you have a computer with enough horsepower.
However, the crypt command isn't used all that much because everyone knows how vulnerable it is. Mostly "crypt" is left around for sentimental rea-sons. The encryptor that is most often used to en-code passwords is a version of the federal Data En-cryption Standard (DES). The UNIX variation of DES is "defective" in that
brute force attacks for en-cryption keys are close to impossible. How does it defeat brute force attacks?
As we all know, UNIX password files are openly available for anyone to read, copy, or print out, but the passwords themselves are stored in an encrypted form. Well, that's not exactly right. The password file actually does NOT contain any passwords at all. What happens is, when a user logs in for the first time and enters a password, UNIX uses the first eight characters of the pass-word as an encryption key to encode some constant (say, a long random number).
Another reason why DES was chosen to encrypt passwords is that when the DES algorithm is implemented in software form, it is slow. This means it will take more time to run a brute force attack.
Staying with this topic a bit, it's unsettling to note that the Data Encryption Standard also may not be as secure as it was once believed to be. DES was based on a security system called Lucifer, de-veloped by IBM for the National Bureau of Stan-dards in 1973. Before being released as the USA's official (standard) code,
the top-secret National Se-curity Agency had their say in the matter, reducing the complexity of the encoding algorithm and keeping certain aspects of its design under wraps. This looked mighty suspicious! Why would the NSA go out of its way to proclaim the code secure while simultaneously making it less secure? Critics
warned that a back door had probably been built into the system.
In early 1992, two Israeli scientists announced that they had found a way to beat the system. If someone knows the encoded message, certain mathematical techniques can be applied to infer the key used to encrypt the message. Then other coded texts which use the same key can be easily read. In any case, it is well known that much better codes have been produced since the 1970s.
Some systems make it difficult to brute force the plaintext out of an encrypted file, because the en-cryption key supplied by the user is not what en-codes the text. Rather, it is used to encode some random sequence of characters. Those characters encode the text.
You don't have to be smart to be a hacker, you just have to be clever. But to crack data encryption algorithms you must be clever, smart and mathematically-inclined. Lucky for us people who don't have calculators for brains, there are so many other ways to read encrypted files than by breaking the code! I'll stick with Van Eck and his cronies, thank you.
