Date: Wed, 6 Jun 2007 12:14:12 +0100
From: "Evo Eftimov, iSec Consulting, www.isecc.com" <evo.eftimov@...cc.com>
To: <john-users@...ts.openwall.com>
Subject: RE: success rate

It is crypt(3) and there were no password policy rules enforced on the
system except minimum length.

My assessment is that 90% of the yield is due to the word mangling rules
embedded in the product and the carefully selected wordlists which are also
part of the product. Only 5 to 10% of the yield is due to the additional
tuning done by me.

I've also benefited from the SSE support in JR

Regards
Evo

-----Original Message-----
From: Solar Designer [mailto:solar@...nwall.com]
Sent: 06 June 2007 11:26
To: john-users@...ts.openwall.com
Subject: [john-users] success rate

On Wed, Jun 06, 2007 at 10:54:06AM +0100, Evo Eftimov, iSec Consulting, www.isecc.com wrote:
> All - I highly recommend John the Ripper to anybody with a password validation
> project - just by running the software in single and wordlist modes (with
> carefully tuned rules taking into account specific cultural and
> psychological factors relevant to the target environment) I've been able
> to obtain a 45% success rate. The single mode was extremely effective to
> demonstrate some quick wins to the management.

Thank you for sharing your experience.

You haven't mentioned what hash type you were running JtR on. From the
success rate, I guess that those were traditional DES-based crypt(3)
hashes with almost no prior password policy enforcement.

The hash type affects success rate a lot. For LM hashes, it would be
much higher (90% to 100% if you let "incremental" mode run for a few
days). For newer crypt(3) flavors, it would be lower.

How much of an improvement did your careful tuning of rules provide?
What would the success rate be without such tuning?

If you also include some "incremental" mode time (a few days?) with
default settings, what would the success rate be?

P.S. Please avoid over-quoting when you post to this mailing list.
Usually, it is enough to quote just a few lines from the message you're
responding to. Also, your messages lack a Message-ID header, which
breaks threading of any replies in web-based archives of the list. Is
this possibly an effect of your corporate firewall, and is it something
you can fix?

Thanks,

--
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

--
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.