Penetration Testing mailing list archives
Re: john the ripper
From: Martin Mačok <martin.macok () underground cz>
Date: Tue, 9 Dec 2003 19:45:07 +0100
On Mon, Dec 08, 2003 at 11:58:08AM -0700, Benjamin Tomhave wrote:
Scary numbers...so, semi-drifting question: how long is an "acceptable" length of time to run a cracker before pronouncing that uncracked passwords are "reasonably strong and well-chosen"?
I usually run it for several hours, sometimes letting it choking through the weekend. You can't tell them "reasonably strong or well-chosen" after a pen-test, only "couldn't crack in X hours on Y hardware with N/(X*3600) tests per second". To tell them "reasonably strong", you should let it running for at least X days where X is their password expiration time. (It also depends on quality of your wordlist/dictionary...) -- Martin Mačok http://underground.cz/ martin.macok () underground cz http://Xtrmntr.org/ORBman/ --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- john the ripper Giacomo (Dec 03)
- Re: john the ripper fbr (Dec 03)
- Re: john the ripper Timo Schoeler (Dec 04)
- Re: john the ripper Jon Hart (Dec 04)
- Re: john the ripper Giacomo (Dec 04)
- Re: john the ripper dshingiz (Dec 06)
- Re: john the ripper R. DuFresne (Dec 03)
- Re: john the ripper Michael Thumann (Dec 04)
- Re: john the ripper Mike (Dec 08)
- RE: john the ripper Benjamin Tomhave (Dec 08)
- Re: john the ripper Martin Mačok (Dec 10)
- RE: john the ripper Anish M (Dec 09)
- RE: john the ripper Arthur Clune (Dec 09)
- RE: john the ripper Benjamin Tomhave (Dec 08)
- <Possible follow-ups>
- RE: john the ripper Brass, Phil (ISS Atlanta) (Dec 04)
- Re: john the ripper Jason Watson (Dec 04)
- Re: john the ripper bofn (Dec 06)
- Re: john the ripper Marco Ivaldi (Dec 06)
- RE: john the ripper Tony Kava (Dec 06)
- RE: john the ripper OBrien, Brennan (Dec 08)
- RE: john the ripper Jason Watson (Dec 10)
- RE: john the ripper Charles Clancy (Dec 15)
(Thread continues...)
- Re: john the ripper fbr (Dec 03)