RE: john the ripper

["Jason Watson" <penscan () hotmail com>]

Hi people,

For a few years I have had this idea in my head about a secure(er) 
authentication system to that of telling the user the password.  My system 
is basically still a password system but it uses a key-card to access (there 
are several of these systems out there).  the password is then stored by PGP 
(GnuPGP) in a 1024 bit hash, everyday at a "random" time the password server 
sends a new (encrypted of course) key to the card reader which stores the 
new password on it's magnetic strip).  Everytime the password is read a new 
password is sent.  This would easily allow for 1000 character passwords, in 
turn increasing system security dramatically.  Passwords alone are never 
going to secure systems but every little-bit helps.

Kind regards,

Jason Watson.

> Okay, I hear what you're saying about the amount of time being used and
> all... but..
>
> If your users are like the ones I've seen, that "reasonably strong"
> password (such as &Y6N8gg0 -- presumably strong) is just going to get
> written down on a sticky tab and put on the users monitor or under their
> keyboard.  The point is, while you've done a great job creating a strong
> keyspace which is difficult to break, I may open up a bigger problem.
> The goal is to get through the proverbial wall.  Whether I do that by
> breaking through the bricks or scaling it or just going around, it
> doesn't really matter to me.  If I make the wall thicker, that just
> moves the problem -- I'm still interested in getting to the other side,
> and I know I won't be able break through it, so off I go to find a
> different solution...
>
> Just my thoughts.
>
>
> -----Original Message-----
> From: Benjamin Tomhave [mailto:falcon () secureconsulting net]
> Sent: Monday, December 08, 2003 10:58 AM
> To: pen-test () securityfocus com
> Subject: RE: john the ripper
>
> Scary numbers...so, semi-drifting question: how long is an "acceptable"
> length of time to run a cracker before pronouncing that uncracked
> passwords
> are "reasonably strong and well-chosen"?
>
> > -----Original Message-----
> > From: Mike [mailto:myname17 () bellsouth net]
> > Sent: Monday, December 08, 2003 3:45 AM
> > To: Giacomo; pen-test () securityfocus com
> > Subject: Re: john the ripper
> >
> >
> > I recently did a little research on this, and if the password was
> > well chosen
> > you will not find the password.
> >
> > An 8 character password, based on a 72 character set (26 lower
> > case letters,
> > 26 uppercase letters, 10 digits, and 10 special characters)
> > results in 72^8
> > or 7.2x10^14 possible passwords.  My reference PC was only able
> > to crack at
> > 1500c/s.  Doing the math reveals that 150,000 years would be required
> to
> > crack all combinations, or 75,000 years on average.  For a 12
> character
> > password the result was 2,000,000,000,000 years.
> >
> > If my math is wrong, please break it to me gently.
> >
> > Mike
> >
> > On Tuesday 02 December 2003 10:52 am, Giacomo wrote:
> > > Hi all
> > >
> > > I am tryning to crack cisco md5 password.
> > > Currently I am using a Athlon XP2500barton at 2300mhz, after 17days
> john
> > > continue to crack at 3800c/s (it started at 4500c/s).
> > > I am asking myself and all of you what is the best system (hardware)
> to
> > > crack md5 password.
> > > I am thinking that the best way Is the powerfull (mhz) i386 in
> commerce.
> > > I've tried OpenMosix with 4 p500 nodes with john and cisilia, but
> > > without lucky results.
> > > The sun 280 (dual 64bits cpu at 900mhz) go to a poor 900c/s
> > >
> > > which is you reference system to use john on md5 password ?
> > >
> > > Giacomo
> > >
> > >
> > >
> > >
> > ------------------------------------------------------------------
> > ---------
> > >
> > ------------------------------------------------------------------
> > ---------
> > >-
> >
> >
> > ------------------------------------------------------------------
> > ---------
> > ------------------------------------------------------------------
> > ----------
> >
> >
>
>
> ------------------------------------------------------------------------
> ---
> ------------------------------------------------------------------------
> ----
>
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

_________________________________________________________________
Download MSN Messenger @  http://messenger.xtramsn.co.nz   - talk to family 
and friends overseas!


---------------------------------------------------------------------------
----------------------------------------------------------------------------