Penetration Testing mailing list archives

RE: john the ripper

From: "Anish M" <myname () myrealbox com>
Date: Tue, 9 Dec 2003 02:23:34 -0000

Hi,
 I am not sure a brute force attack on md5 password is the best.There has
been better attacks on hashes especially md5,if some one could point me at
the way md5 password is implemented I could give a shot at an estimate :-)
regards
Anish

-----Original Message-----
From: Mike [mailto:myname17 () bellsouth net]
Sent: 08 December 2003 10:45
To: Giacomo; pen-test () securityfocus com
Subject: Re: john the ripper


I recently did a little research on this, and if the password was well
chosen
you will not find the password.

An 8 character password, based on a 72 character set (26 lower case letters,
26 uppercase letters, 10 digits, and 10 special characters) results in 72^8
or 7.2x10^14 possible passwords.  My reference PC was only able to crack at
1500c/s.  Doing the math reveals that 150,000 years would be required to
crack all combinations, or 75,000 years on average.  For a 12 character
password the result was 2,000,000,000,000 years.

If my math is wrong, please break it to me gently.

Mike

On Tuesday 02 December 2003 10:52 am, Giacomo wrote:

Hi all

I am tryning to crack cisco md5 password.
Currently I am using a Athlon XP2500barton at 2300mhz, after 17days john
continue to crack at 3800c/s (it started at 4500c/s).
I am asking myself and all of you what is the best system (hardware) to
crack md5 password.
I am thinking that the best way Is the powerfull (mhz) i386 in commerce.
I've tried OpenMosix with 4 p500 nodes with john and cisilia, but
without lucky results.
The sun 280 (dual 64bits cpu at 900mhz) go to a poor 900c/s

which is you reference system to use john on md5 password ?

Giacomo



--------------------------------------------------------------------------

--------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re: john the ripper, (continued)
- Re: john the ripper fbr (Dec 03)
  - Re: john the ripper Timo Schoeler (Dec 04)
  - Re: john the ripper Jon Hart (Dec 04)
  - Re: john the ripper Giacomo (Dec 04)
  - Re: john the ripper dshingiz (Dec 06)
- Re: john the ripper R. DuFresne (Dec 03)
- Re: john the ripper Michael Thumann (Dec 04)
- Re: john the ripper Mike (Dec 08)
  - RE: john the ripper Benjamin Tomhave (Dec 08)
    - Re: john the ripper Martin Mačok (Dec 10)
  - RE: john the ripper Anish M (Dec 09)
    - RE: john the ripper Arthur Clune (Dec 09)
- RE: john the ripper Brass, Phil (ISS Atlanta) (Dec 04)
- Re: john the ripper Jason Watson (Dec 04)
  - Re: john the ripper bofn (Dec 06)
- Re: john the ripper Marco Ivaldi (Dec 06)
- RE: john the ripper Tony Kava (Dec 06)
- RE: john the ripper OBrien, Brennan (Dec 08)
- RE: john the ripper Jason Watson (Dec 10)
  - RE: john the ripper Charles Clancy (Dec 15)
- RE: john the ripper MJohnst5 (Dec 10)