Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Sun, 10 Sep 2006 17:56:45 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: need advice on setting up cracking system for large organisation

On Sun, Sep 10, 2006 at 12:14:59PM +1200, Russell Fulton wrote:
> Long term if this proves valuable I will get
> dedicated resources for the project.  To get it off the ground I want to
> leverage those spare cpu cycles.  It is easier to make a business case
> when you have some solid evidence ;)

Sure.  Please note, however, that there's not a lot of a difference
between 1 CPU and 10 CPUs - even if you use all of them optimally - in
the percentage of passwords cracked, say, in a week.  The success rate
decreases rapidly the longer you let JtR run.  So if you're going to get
dedicated resources for this, my advice is that you settle for a single
fast workstation - e.g., a dual CPU x86 or PPC G5 system (x86s are
better for MD5, PPCs might be better for DES-based crypt(3) hashes).
You might also reuse any old/slow/retired machine for the dedicated
"secure drop box".

> > How fast are the "big machines" when it comes to password cracking?
> > They might have disk arrays, large memories and caches, but this is of
> > no use for John the Ripper.  Chances are that you can find a single
> > workstation that would be more suitable for the task.
> 
> good point, particularly if JtR is not threaded.  Many of these boxes
> are multi cpu.

Well, multiple CPUs are of some help if you're going to be running
multiple instances of JtR anyway (one per hash type).  What I am saying
is that it might not be worth the risk to distribute the task across
multiple shared use systems.

> >> I have tried a run with john using the mangled list against 10 users in
> >> a BSD MD5 hash format password file.  It took 15 hours on a fairly fast
> >> Intel processor.
> > 
> > That's because the pre-mangled wordlist is very large and the MD5-based
> > hashes are quite slow to compute.  If you intend to be running against a
> > substantially larger number of hashes of this type, you can opt to use
> > smaller wordlists.
> 
> in a university environment we do get people using words from foreign
> languages (particularly forms of their names) in the belief that these
> are 'secure'.  So that's why I used the full list.

That's reasonable, and I am not suggesting that you drop the foreign
languages entirely.  I am merely suggesting that you drop the larger
versions of the wordlists for each language, including English, when
cracking the slower hashes.  For English, you could keep the wordlists
under 1-tiny and 2-small, but not those under 3-large and 4-extra.  For
other languages, where two different size versions of wordlists are
available, keep only those under 1-*, not those under 2-*.  Of course,
you need to start your combined wordlist with the common password lists -
these are to be included prior to any language-specific wordlists, maybe
even with mangling rules pre-applied.

> I've  just decided that I desperately need the Pro version ;)  I'll
> order it on Monday.

Feel free.  It also includes a newer revision of the all.lst wordlist,
so you'll want to use #!comment's from that revision when you build your
own wordlists.

P.S. I've unsubscribed "ricardo anselmo".

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ