Penetration Testing mailing list archives

RE: john the ripper

From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Wed, 3 Dec 2003 23:04:32 -0500

I've found it's not just the words in the dictionary.  Given a fixed
length of time, anyone can make a list with more words than they could
check.  It's the order of the words in the dictionary - getting the most
likely ones in there first.  This is especially true when you're doing
authentication attacks such as privilege escalation or openrowset in SQL
injection, and you're only going to get to try 1-5 passwords per second.
Comprehensive is great, well-ordered is critical.

Phil

-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com] 
Sent: Wednesday, December 03, 2003 12:38 PM
To: Giacomo
Cc: pen-test () securityfocus com
Subject: Re: john the ripper

The real key to passwd crackers is the dictionaries they use 
for the bruting. then better, bigger, more inclusive the 
dict, the more likely you are to get results.  

Thanks,

Ron DuFresne

On Tue, 2 Dec 2003, Giacomo wrote:

Hi all

I am tryning to crack cisco md5 password.
Currently I am using a Athlon XP2500barton at 2300mhz, after 17days 
john
continue to crack at 3800c/s (it started at 4500c/s).
I am asking myself and all of you what is the best system

(hardware) to

crack md5 password.
I am thinking that the best way Is the powerfull (mhz) i386

in commerce.

I've tried OpenMosix with 4 p500 nodes with john and cisilia, but 
without lucky results.
The sun 280 (dual 64bits cpu at 900mhz) go to a poor 900c/s

which is you reference system to use john on md5 password ?

Giacomo

----------------------------------------------------------------------

-----

--------------------------------------------------------------
--------------


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in 
humanity.  It eliminates dreams, goals, and ideals and lets 
us get straight to the business of hate, debauchery, and 
self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re: john the ripper, (continued)
- - Re: john the ripper Jon Hart (Dec 04)
  - Re: john the ripper Giacomo (Dec 04)
  - Re: john the ripper dshingiz (Dec 06)
- Re: john the ripper R. DuFresne (Dec 03)
- Re: john the ripper Michael Thumann (Dec 04)
- Re: john the ripper Mike (Dec 08)
  - RE: john the ripper Benjamin Tomhave (Dec 08)
    - Re: john the ripper Martin Mačok (Dec 10)
  - RE: john the ripper Anish M (Dec 09)
    - RE: john the ripper Arthur Clune (Dec 09)
- RE: john the ripper Brass, Phil (ISS Atlanta) (Dec 04)
- Re: john the ripper Jason Watson (Dec 04)
  - Re: john the ripper bofn (Dec 06)
- Re: john the ripper Marco Ivaldi (Dec 06)
- RE: john the ripper Tony Kava (Dec 06)
- RE: john the ripper OBrien, Brennan (Dec 08)
- RE: john the ripper Jason Watson (Dec 10)
  - RE: john the ripper Charles Clancy (Dec 15)
- RE: john the ripper MJohnst5 (Dec 10)