Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 25 Jun 2006 22:30:46 -0500
From: "Randy B" <aoz.syn@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: faster scan for blowfish on OpenBSD 3.9

> and it is processed with a strong password hashing method.

*really* strong.  When I get presented a blowfish-encrypted password,
I start getting all shifty-eyed and try to find something else to do.
There's really no good way to go about them, other than having a
really good dictionary+ruleset and a reasonably poor password.

Pretty much, if I can't get even a DES password in 48 hours I give up
- there are far easier and quicker ways to compromise a password.
Blowfish I'll usually quit after the first two passes - it's
[comparatively] so slow and those BSD-ers typically choose really
nasty passwords.  Your biggest chokepoint is the Blowfish algorithm
itself - on an Athlon XP 1800 running 1.7.0.2, the Blowfish
calculations are nearly 2000 times slower than DES.


RB

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ