RE: john the ripper

MJohnst5_at_prdgb.JNJ.com
Date: 12/10/03

  • Next message: steve.posick_at_advansol.com: "Re: Education End Users about Passwords"
    To: myname@myrealbox.com, myname17@bellsouth.net, badgiaco@supereva.it, pen-test@securityfocus.com
    Date: Wed, 10 Dec 2003 11:34:56 +0100
    
    

    Have a look at a tool called Cain and Able .... has a built in mechanism for
    Cisco md5 password cracking.

    Spark88

    -----Original Message-----
    From: Anish M [mailto:myname@myrealbox.com]
    Sent: 09 December 2003 02:24
    To: Mike; Giacomo; pen-test@securityfocus.com
    Subject: RE: john the ripper

    Hi,
     I am not sure a brute force attack on md5 password is the best.There has
    been better attacks on hashes especially md5,if some one could point me at
    the way md5 password is implemented I could give a shot at an estimate :-)
    regards
    Anish

    -----Original Message-----
    From: Mike [mailto:myname17@bellsouth.net]
    Sent: 08 December 2003 10:45
    To: Giacomo; pen-test@securityfocus.com
    Subject: Re: john the ripper

    I recently did a little research on this, and if the password was well
    chosen
    you will not find the password.

    An 8 character password, based on a 72 character set (26 lower case letters,
    26 uppercase letters, 10 digits, and 10 special characters) results in 72^8
    or 7.2x10^14 possible passwords. My reference PC was only able to crack at
    1500c/s. Doing the math reveals that 150,000 years would be required to
    crack all combinations, or 75,000 years on average. For a 12 character
    password the result was 2,000,000,000,000 years.

    If my math is wrong, please break it to me gently.

    Mike

    On Tuesday 02 December 2003 10:52 am, Giacomo wrote:
    > Hi all
    >
    > I am tryning to crack cisco md5 password.
    > Currently I am using a Athlon XP2500barton at 2300mhz, after 17days john
    > continue to crack at 3800c/s (it started at 4500c/s).
    > I am asking myself and all of you what is the best system (hardware) to
    > crack md5 password.
    > I am thinking that the best way Is the powerfull (mhz) i386 in commerce.
    > I've tried OpenMosix with 4 p500 nodes with john and cisilia, but
    > without lucky results.
    > The sun 280 (dual 64bits cpu at 900mhz) go to a poor 900c/s
    >
    > which is you reference system to use john on md5 password ?
    >
    > Giacomo
    >
    >
    >
    > --------------------------------------------------------------------------
    -
    > --------------------------------------------------------------------------
    -
    >-

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: steve.posick_at_advansol.com: "Re: Education End Users about Passwords"