RE: john the ripper

MJohnst5_at_prdgb.JNJ.com
Date: 12/10/03

  • Next message: steve.posick_at_advansol.com: "Re: Education End Users about Passwords"
    To: myname@myrealbox.com, myname17@bellsouth.net, badgiaco@supereva.it, pen-test@securityfocus.com
    Date: Wed, 10 Dec 2003 11:34:56 +0100
    
    

    Have a look at a tool called Cain and Able .... has a built in mechanism for
    Cisco md5 password cracking.

    Spark88

    -----Original Message-----
    From: Anish M [mailto:myname@myrealbox.com]
    Sent: 09 December 2003 02:24
    To: Mike; Giacomo; pen-test@securityfocus.com
    Subject: RE: john the ripper

    Hi,
     I am not sure a brute force attack on md5 password is the best.There has
    been better attacks on hashes especially md5,if some one could point me at
    the way md5 password is implemented I could give a shot at an estimate :-)
    regards
    Anish

    -----Original Message-----
    From: Mike [mailto:myname17@bellsouth.net]
    Sent: 08 December 2003 10:45
    To: Giacomo; pen-test@securityfocus.com
    Subject: Re: john the ripper

    I recently did a little research on this, and if the password was well
    chosen
    you will not find the password.

    An 8 character password, based on a 72 character set (26 lower case letters,
    26 uppercase letters, 10 digits, and 10 special characters) results in 72^8
    or 7.2x10^14 possible passwords. My reference PC was only able to crack at
    1500c/s. Doing the math reveals that 150,000 years would be required to
    crack all combinations, or 75,000 years on average. For a 12 character
    password the result was 2,000,000,000,000 years.

    If my math is wrong, please break it to me gently.

    Mike

    On Tuesday 02 December 2003 10:52 am, Giacomo wrote:
    > Hi all
    >
    > I am tryning to crack cisco md5 password.
    > Currently I am using a Athlon XP2500barton at 2300mhz, after 17days john
    > continue to crack at 3800c/s (it started at 4500c/s).
    > I am asking myself and all of you what is the best system (hardware) to
    > crack md5 password.
    > I am thinking that the best way Is the powerfull (mhz) i386 in commerce.
    > I've tried OpenMosix with 4 p500 nodes with john and cisilia, but
    > without lucky results.
    > The sun 280 (dual 64bits cpu at 900mhz) go to a poor 900c/s
    >
    > which is you reference system to use john on md5 password ?
    >
    > Giacomo
    >
    >
    >
    > --------------------------------------------------------------------------
    -
    > --------------------------------------------------------------------------
    -
    >-

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: steve.posick_at_advansol.com: "Re: Education End Users about Passwords"

    Relevant Pages

    • john the ripper
      ... I am tryning to crack cisco md5 password. ... Currently I am using a Athlon XP2500barton at 2300mhz, after 17days john ... which is you reference system to use john on md5 password? ...
      (Pen-Test)
    • Re: john the ripper
      ... My reference PC was only able to crack at ... Doing the math reveals that 150,000 years would be required to ... crack all combinations, or 75,000 years on average. ... > I am tryning to crack cisco md5 password. ...
      (Pen-Test)
    • RE: john the ripper
      ... I am not sure a brute force attack on md5 password is the best.There has ... Doing the math reveals that 150,000 years would be required to ... crack all combinations, or 75,000 years on average. ...
      (Pen-Test)
    • Re: Decrypt Passwords
      ... it is called brute force. ... John the ripper might help ... If its a good password though it could take a very long time to crack ...
      (RedHat)
    • Cracking bigcrypt/crypt16 password hashes
      ... get John the Ripper and Crack to work with bigcrypt/crypt16. ...
      (Focus-Linux)