Penetration Testing mailing list archives
Re: Password Crackers
From: Neil <neil () voidfx net>
Date: Thu, 16 Feb 2006 09:16:22 +0530
xelerated wrote:
List, As some of you may know, @stake has been bought by symantec. And if that wasnt bad enough, they are no longer selling LC5 after the end of this month. And they have no plans on a replacement product. In my experience, LC5 was about the best thing for speedy assessment of the password policy. Sure LC5 will still have some use for awhile to come, but then what? I know there are lots of other options, LCP, john, rainbow tables, and more, but as far as I know, nothing is near as speedy as LC. What are your thoughts? Is there something out there as fast or close? I had enough trouble getting an old junk PC for doing nessus scans on, so i know a cluster is out of the question. Thanks! Chris
Actually, John just got a speed upgrade, not too long ago (as of 1.7, I think). And while I've not done any real comparisons to LC5, John is not slow by any means.
On the other hand, Rainbow Tables are faster than anything else out there, since all the computer is doing is looking up the hash in a database, and then the database spits out the corresponding password. On the other hand, you need to have a database with your password in it (if the password has symbols, and you are using alphanumeric tables, obviously it won't work).
-- Neil. ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Password Crackers xelerated (Feb 15)
- Re: Password Crackers Neil (Feb 16)
- Message not available
- Re: Password Crackers Peter Wood (Feb 16)
- Re: Password Crackers Jon Gucinski (Feb 16)
- Re: Password Crackers Aaron (Feb 17)
- <Possible follow-ups>
- Re: Password Crackers revnic (Feb 16)
- Re: Password Crackers ROB DIXON (Feb 16)
- Re: Password Crackers Arctific (Feb 16)
- Re: Password Crackers ROB DIXON (Feb 16)