Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 6 Jun 2007 12:14:12 +0100
From: "Evo Eftimov, iSec Consulting, www.isecc.com" <evo.eftimov@...cc.com>
To: <john-users@...ts.openwall.com>
Subject: RE: success rate

It is crypt(3) and there were no password policy rules enforced on the
system except minimum length. 

My assessment is that 90% of the yield is due to the word mangling rules
embedded in the product and the carefully selected wordlists which are also
part of the product. Only 5 to 10% of the yield is due to the additional
tuning done by me

I've also benefited from the SSE support in JR 

Regards

Evo

-----Original Message-----
From: Solar Designer [mailto:solar@...nwall.com] 
Sent: 06 June 2007 11:26
To: john-users@...ts.openwall.com
Subject: [john-users] success rate

On Wed, Jun 06, 2007 at 10:54:06AM +0100, Evo Eftimov, iSec Consulting,
www.isecc.com wrote:
> All - I highly recommend John the Ripper to anybody with password
validation
> project - just by running the software in single and worldlist modes (with
> carefully tuned rules taking into account specific cultural and
> psychological factors relevant to the target environment) I've been able
> to obtain 45% success rate. The single mode was extremely effective to
> demonstrate some quick wins to the management.

Thank you for sharing your experience.

You haven't mentioned what hash type you were running JtR on.  From the
success rate, I guess that those were traditional DES-based crypt(3)
hashes with almost no prior password policy enforcement.  The hash type
affects success rate a lot.  For LM hashes, it would be much higher
(90% to 100% if you let "incremental" mode run for a few days).  For
newer crypt(3) flavors, it would be lower.

How much of an improvement did your careful tuning of rules provide?
What would the success rate be without such tuning?

If you also include some "incremental" mode time (a few days?) with
default settings, what would the success rate be?

P.S. Please avoid over-quoting when you post to this mailing list.
Usually, it is enough to quote just a few lines from the message you're
responding to.  Also, your messages lack a Message-ID header, which
breaks threading of any replies in web-based archives of the list.  Is
this possibly an effect of your corporate firewall, and is it something
you can fix?

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.



-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ