Date: Mon, 23 May 2005 23:09:43 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Fastest Crack of known password length

On Mon, May 23, 2005 at 02:14:39PM -0400, James wrote:
> Kind of hard to reset Root ;)

If you have physical access, it is trivial to reset the password,
unless special measures have been taken to prevent this very attack
(but this is very uncommon).

> As far as big wordlist I've tried that one and
> let it run forever it seems (over a week)

This is impossible.  It takes around 10 minutes to run all.lst with
the default set of rules against a single traditional DES-based hash,
on a single modern CPU with the current development version of John
built in an optimal way for your system.  If you use John 1.6 and/or
build it non-optimally and/or run this on an older system, this may
take hours.  But not days.

You must have been running "incremental".

> and since I am pretty sure the
> password is not word based it was unable to crack it. This is why I was
> thinking of an incremental against a known length of 8.

OK.

> One PC was set to incremental the other wasn't.

With the commands you've mentioned, one was running in batch mode
(meaning: "single crack" -> wordlist with rules -> "incremental"), the
other in "incremental" right away.  Both must have been running in
"incremental" after a few minutes.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
