Penetration Testing mailing list archives

Re: Password Crackers


From: Neil <neil () voidfx net>
Date: Thu, 16 Feb 2006 09:16:22 +0530

xelerated wrote:
List,
As some of you may know, @stake has been bought by
Symantec. And if that wasn't bad enough, they are no longer
selling LC5 after the end of this month.
And they have no plans on a replacement product.

In my experience, LC5 was about the best thing for speedy
assessment of the password policy. Sure LC5 will still have
some use for a while to come, but then what?

I know there are lots of other options, LCP, john, rainbow tables,
and more, but as far as I know, nothing is near as speedy
as LC.

What are your thoughts? Is there something out there as fast or close?

I had enough trouble getting an old junk PC for doing Nessus scans on, so I know
a cluster is out of the question.

Thanks!
Chris

Actually, John just got a speed upgrade, not too long ago (as of 1.7, I think). And while I've not done any real comparisons to LC5, John is not slow by any means.

On the other hand, Rainbow Tables are faster than anything else out there, since all the computer is doing is looking up the hash in a database, and then the database spits out the corresponding password. On the other hand, you need to have a database with your password in it (if the password has symbols, and you are using alphanumeric tables, obviously it won't work).

--
Neil.
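
The table lookup and the charset limit described in the reply above, as an added example that is not part of the original post. It goes one step further than a plain hash database and builds a toy rainbow table with hash/reduce chains; MD5, the 3-character keyspace, the chain parameters and the sample passwords are all assumptions chosen so it runs in a second or two.

```python
import hashlib

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"  # alphanumeric-only table
PW_LEN = 3                         # toy keyspace: 36**3 = 46,656 passwords
KEYSPACE = len(CHARSET) ** PW_LEN
CHAIN_LEN = 40                     # hash/reduce steps per chain
N_CHAINS = 3000                    # only (endpoint, start) pairs are stored

def H(pw):
    """Unsalted MD5, a stand-in for the audited hash (assumption)."""
    return hashlib.md5(pw.encode()).digest()

def encode(n):
    """Map an integer to a PW_LEN-character password over CHARSET."""
    n %= KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)

def reduce(digest, col):
    """Column-dependent reduction: digest -> another candidate password."""
    return encode(int.from_bytes(digest[:8], "big") + col)

def build_table():
    table = {}
    for i in range(N_CHAINS):
        start = pw = encode(i)
        for col in range(CHAIN_LEN):
            pw = reduce(H(pw), col)
        table.setdefault(pw, []).append(start)   # keep merged chains too
    return table

def lookup(table, target):
    """Return the password for digest `target`, or None if not covered."""
    for col in range(CHAIN_LEN - 1, -1, -1):     # guess the target's column
        pw = reduce(target, col)
        for c in range(col + 1, CHAIN_LEN):      # walk on to the endpoint
            pw = reduce(H(pw), c)
        for start in table.get(pw, []):          # replay each matching chain
            cand = start
            for c in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = reduce(H(cand), c)
    return None

if __name__ == "__main__":
    table = build_table()
    for pw in ("aaa", "a!3"):                    # constructed sample passwords
        print(pw, "->", lookup(table, H(pw)))
```

The table holds 3,000 start/endpoint pairs for a 46,656-password keyspace, so coverage of in-charset passwords is probabilistic, while a password containing a symbol can never be returned because every candidate the chains produce is alphanumeric.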
