Penetration Testing mailing list archives
Re: hardware vs. john the ripper
From: Anders Thulin <Anders.Thulin () tietoenator com>
Date: Fri, 23 Jan 2004 09:18:46 +0100
Rafael Núñez wrote:
> So which hardware/brand would be the best one? ProLiant server? SGI? Alpha? Please, I need some links about it.
Don't focus on the hardware too early -- focus on what your goals are, and how your cracking process is structured to address those goals. Of course, at some point you want to have a password cracker (the crypto modules in john) that does a good job on whatever architecture you have in mind, but don't get stuck on assuming you can't improve the software part as well. (Some of the add-on modules to john can be improved just by doing some simple hand-optimizations, taking the fairly specialized situation into account.)

So, what is your goal? To crack *all* passwords? To minimize the time to first crack? Crack all the simple ones quickly? To crack only the one that matters, but to do so in a predictable time? And what passwords are you thinking of? Any kind? Or just Windows-type?

How well can the process be run in parallel? Say, run john in incremental mode on one processor, while you're running others with different types of dictionary cracks, rule based or not? It may be that 8 medium-powered systems can do as well as or better than one single high-powered one, depending on what you're trying to achieve. (John the Ripper benchmark results can help you evaluate how far you can go here.)

If time is not a major factor, you can do a lot just by trying out common search spaces 'by hand', say by generating all passwords of a particular pattern (letters with trailing digits, say, of max length 8), and running them through john in no-rules wordlist mode. If you're using a bit-sliced crypto implementation, this can be quite fast.

If you're going for predictable time, investigate the Hellman-Oechslin approach (a.k.a. rainbow tables). It can be tuned to cover a search space more or less completely, and time is highly predictable. There used to be Windows sources for this method applied to Windows LM hashes on the net under the name 'RCRACK' or 'RTCRACK' -- it may still be out there. The method can fairly easily be applied to most encryption methods, though it will require some coding to get there. This method lends itself to just about any degree of parallelization -- even the pre-crack table computation can be done in parallel (and could easily be made into a distributed project a la seti@home, in fact).

If you're going for shortest time (for a given encryption method), you may want to pre-crack as many passwords as possible, and then simply look the hashes up in a database when crack-time comes. You spend a lot of time creating the database, but you will get crack times as low as your disk and your database coverage allow. This is probably the way to go to crack easy or obvious passwords extremely quickly. If you don't need 'extremely', it's overkill.

If you're going for a method where pre-cracking is a factor, you might want to check out if that step can be sped up by using some cryptographic coprocessor. You'll need to have OS support for them, though -- don't know how FreeBSD compares to OpenBSD here. But again, you probably will have to be prepared to do a fair amount of coding.

If you just don't know ... buy a moderately good system, and use it as a learning bench. Ensure you can buy a second system if you want to go into parallel cracking later.

-- 
Anders Thulin   anders.thulin () tietoenator com   040-661 50 63
TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö
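The Hellman-Oechslin (rainbow table) time/memory trade-off that the reply above recommends for predictable-time cracking, as an added worked example; this is not code from the original post, nor from the RCRACK/RTCRACK tools it mentions. The assumptions are mine: the password space is three lowercase letters, the unsalted hash is MD5 standing in for an LM hash, and the chain length and chain count are kept tiny so the whole thing runs in under a second. Only chain endpoints are stored; the lookup recomputes at most about CHAIN_LEN**2/2 hashes whether or not it finds the password, which is where the predictable time comes from, and each chain is built independently, which is why the precomputation parallelises trivially.

```python
"""Toy Hellman-Oechslin (rainbow table) build and lookup over a deliberately tiny space.

Added example, not the original post's code.  Assumptions (mine): 3-lowercase-letter
passwords, unsalted MD5 as a stand-in for LM, and small m (chains) and t (chain length).
"""
import hashlib
import random
import string
from typing import Dict, List, Optional

ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN          # 17 576 candidate passwords
CHAIN_LEN = 40                           # columns per chain (t); lookup cost ~ t**2/2
NUM_CHAINS = 800                         # stored rows (m); raise m*t for more coverage


def hash_pw(pw: str) -> bytes:
    """Unsalted hash under attack (MD5 here as a stand-in; the post talks about LM)."""
    return hashlib.md5(pw.encode()).digest()


def reduce_(digest: bytes, pos: int) -> str:
    """Map a digest back into the password space.

    Mixing in the column index ``pos`` is what makes the table a *rainbow* table:
    chains that collide in different columns do not merge, which is Oechslin's
    improvement over Hellman's original scheme.
    """
    n = (int.from_bytes(digest[:8], "big") + pos) % SPACE
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


def walk_chain(start: str, stop: int = CHAIN_LEN) -> str:
    """Return the password in column ``stop`` of the chain beginning at ``start``."""
    pw = start
    for pos in range(stop):
        pw = reduce_(hash_pw(pw), pos)
    return pw


def build_table(num_chains: int = NUM_CHAINS, seed: int = 0) -> Dict[str, List[str]]:
    """Precomputation: store only endpoint -> start points; the middle is recomputed later.

    Every chain is independent, so this loop can be split across as many machines
    as you like (the distributed-project idea in the post).
    """
    rng = random.Random(seed)
    table: Dict[str, List[str]] = {}
    for _ in range(num_chains):
        start = "".join(rng.choice(ALPHABET) for _ in range(PW_LEN))
        table.setdefault(walk_chain(start), []).append(start)
    return table


def lookup(table: Dict[str, List[str]], target: bytes) -> Optional[str]:
    """Return the preimage of ``target`` if it lies on a stored chain, else None.

    Work is bounded by roughly CHAIN_LEN**2 / 2 hash evaluations whatever the
    outcome, which is the predictable-time property the post refers to.
    """
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target is the hash of the password sitting in column `col`.
        pw = reduce_(target, col)
        for pos in range(col + 1, CHAIN_LEN):
            pw = reduce_(hash_pw(pw), pos)
        for start in table.get(pw, ()):
            # Endpoint matched: regenerate the chain up to `col` and verify the hash,
            # which filters the false alarms caused by unrelated chains sharing an end.
            candidate = walk_chain(start, col)
            if hash_pw(candidate) == target:
                return candidate
    return None


def coverage_estimate(table: Dict[str, List[str]], samples: int = 200, seed: int = 1) -> float:
    """Fraction of random passwords the table cracks: a cheap measure of its coverage."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        pw = "".join(rng.choice(ALPHABET) for _ in range(PW_LEN))
        hits += lookup(table, hash_pw(pw)) == pw
    return hits / samples


if __name__ == "__main__":
    tbl = build_table()
    print(f"stored {sum(len(v) for v in tbl.values())} chains, {len(tbl)} distinct endpoints")
    print(f"estimated coverage of the {SPACE}-password space: {coverage_estimate(tbl):.0%}")
    first_start = next(iter(tbl.values()))[0]
    for pw in (first_start, walk_chain(first_start, 7), "abc"):
        print(pw, "->", lookup(tbl, hash_pw(pw)))
```

Scaling this to a real target means swapping hash_pw for the target's hash, widening reduce_ to the real character set and length, and raising m and t until coverage_estimate is where you want it; LM is a natural fit because it is unsalted and its 7-character halves keep the space small, while any salted scheme defeats the precomputation since each salt would need its own table.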
Current thread:
- hardware vs. john the ripper Rafael Núñez (Jan 22)
- RE: hardware vs. john the ripper Password Crackers, Inc. (Jan 22)
- Re: hardware vs. john the ripper - fun Alvin Oga (Jan 22)
- Re: hardware vs. john the ripper Anders Thulin (Jan 23)