Date: Wed, 6 Jun 2007 14:26:19 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: success rate On Wed, Jun 06, 2007 at 10:54:06AM +0100, Evo Eftimov, iSec Consulting, www.isecc.com wrote: > All - I highly recommend John the Ripper to anybody with password validation > project - just by running the software in single and worldlist modes (with > carefully tuned rules taking into account specific cultural and > psychological factors relevant to the target environment) I've been able > to obtain 45% success rate. The single mode was extremely effective to > demonstrate some quick wins to the management. Thank you for sharing your experience. You haven't mentioned what hash type you were running JtR on. From the success rate, I guess that those were traditional DES-based crypt(3) hashes with almost no prior password policy enforcement. The hash type affects success rate a lot. For LM hashes, it would be much higher (90% to 100% if you let "incremental" mode run for a few days). For newer crypt(3) flavors, it would be lower. How much of an improvement did your careful tuning of rules provide? What would the success rate be without such tuning? If you also include some "incremental" mode time (a few days?) with default settings, what would the success rate be? P.S. Please avoid over-quoting when you post to this mailing list. Usually, it is enough to quote just a few lines from the message you're responding to. Also, your messages lack a Message-ID header, which breaks threading of any replies in web-based archives of the list. Is this possibly an effect of your corporate firewall, and is it something you can fix? Thanks, -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ