RE: john the ripper

From: Brass, Phil (ISS Atlanta) (PBrass@iss.net)
Date: Wed Dec 03 2003 - 23:04:32 EST

• Next message: Giacomo: "Re: john the ripper"
• Previous message: Jon Hart: "Re: john the ripper"
• Maybe in reply to: Giacomo: "john the ripper"
• Next in thread: Jason Watson: "Re: john the ripper"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I've found it's not just the words in the dictionary. Given a fixed
length of time, anyone can make a list with more words than they could
check. It's the order of the words in the dictionary - getting the most
likely ones in there first. This is especially true when you're doing
authentication attacks such as privilege escalation or openrowset in SQL
injection, and you're only going to get to try 1-5 passwords per second.
Comprehensive is great, well-ordered is critical.

Phil

> -----Original Message-----
> From: R. DuFresne [mailto:dufresne@sysinfo.com]
> Sent: Wednesday, December 03, 2003 12:38 PM
> To: Giacomo
> Cc: pen-test@securityfocus.com
> Subject: Re: john the ripper
>
>
>
> The real key to passwd crackers is the dictionaries they use
> for the bruting. then better, bigger, more inclusive the
> dict, the more likely you are to get results.
>
> Thanks,
>
> Ron DuFresne
>
> On Tue, 2 Dec 2003, Giacomo wrote:
>
> > Hi all
> >
> > I am tryning to crack cisco md5 password.
> > Currently I am using a Athlon XP2500barton at 2300mhz, after 17days
> > john
> > continue to crack at 3800c/s (it started at 4500c/s).
> > I am asking myself and all of you what is the best system
> (hardware) to
> > crack md5 password.
> > I am thinking that the best way Is the powerfull (mhz) i386
> in commerce.
> > I've tried OpenMosix with 4 p500 nodes with john and cisilia, but
> > without lucky results.
> > The sun 280 (dual 64bits cpu at 900mhz) go to a poor 900c/s
> >
> > which is you reference system to use john on md5 password ?
> >
> > Giacomo
> >
> >
> >
> >
> ----------------------------------------------------------------------
> > -----
> >
> --------------------------------------------------------------
> --------------
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in
> humanity. It eliminates dreams, goals, and ideals and lets
> us get straight to the business of hate, debauchery, and
> self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------
>
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Giacomo: "Re: john the ripper"
• Previous message: Jon Hart: "Re: john the ripper"
• Maybe in reply to: Giacomo: "john the ripper"
• Next in thread: Jason Watson: "Re: john the ripper"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT