Penetration Testing mailing list archives
RE: john the ripper
From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Wed, 3 Dec 2003 23:04:32 -0500
I've found it's not just the words in the dictionary. Given a fixed length of time, anyone can make a list with more words than they could check. It's the order of the words in the dictionary - getting the most likely ones in there first. This is especially true when you're doing authentication attacks such as privilege escalation or openrowset in SQL injection, and you're only going to get to try 1-5 passwords per second. Comprehensive is great, well-ordered is critical. Phil
-----Original Message----- From: R. DuFresne [mailto:dufresne () sysinfo com] Sent: Wednesday, December 03, 2003 12:38 PM To: Giacomo Cc: pen-test () securityfocus com Subject: Re: john the ripper The real key to passwd crackers is the dictionaries they use for the bruting. then better, bigger, more inclusive the dict, the more likely you are to get results. Thanks, Ron DuFresne On Tue, 2 Dec 2003, Giacomo wrote:Hi all I am tryning to crack cisco md5 password. Currently I am using a Athlon XP2500barton at 2300mhz, after 17days john continue to crack at 3800c/s (it started at 4500c/s). I am asking myself and all of you what is the best system(hardware) tocrack md5 password. I am thinking that the best way Is the powerfull (mhz) i386in commerce.I've tried OpenMosix with 4 p500 nodes with john and cisilia, but without lucky results. The sun 280 (dual 64bits cpu at 900mhz) go to a poor 900c/s which is you reference system to use john on md5 password ? Giacomo----------------------------------------------------------------------------------------------------------------------------------------- ---------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: john the ripper, (continued)
- Re: john the ripper Jon Hart (Dec 04)
- Re: john the ripper Giacomo (Dec 04)
- Re: john the ripper dshingiz (Dec 06)
- Re: john the ripper R. DuFresne (Dec 03)
- Re: john the ripper Michael Thumann (Dec 04)
- Re: john the ripper Mike (Dec 08)
- RE: john the ripper Benjamin Tomhave (Dec 08)
- Re: john the ripper Martin Mačok (Dec 10)
- RE: john the ripper Anish M (Dec 09)
- RE: john the ripper Arthur Clune (Dec 09)
- RE: john the ripper Benjamin Tomhave (Dec 08)
- RE: john the ripper Brass, Phil (ISS Atlanta) (Dec 04)
- Re: john the ripper Jason Watson (Dec 04)
- Re: john the ripper bofn (Dec 06)
- Re: john the ripper Marco Ivaldi (Dec 06)
- RE: john the ripper Tony Kava (Dec 06)
- RE: john the ripper OBrien, Brennan (Dec 08)
- RE: john the ripper Jason Watson (Dec 10)
- RE: john the ripper Charles Clancy (Dec 15)
- RE: john the ripper MJohnst5 (Dec 10)