Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Tue, 21 Aug 2012 16:17:18 +0200
From: Samuele Giovanni Tonon <samu@...uxasylum.net>
To: john-users@...ts.openwall.com
Subject: Re: Arstechnica Password article (feat. Matt Weir)

On 08/21/12 15:36, Rich Rumble wrote:
> http://arstechnica.com/security/2012/08/passwords-under-assault/
> Good article, no mention of Jtr :( or it's incremental and other
> modes, rather focus on GPU cracking using HashCat mostly; some other
> tools mentioned as well. Also I had no idea we were actually going to
> be up against the Erebus system (http://ob-security.info/?p=546)in the
> contest, but I guess I should of known :)
> While I wish JtR and all it's abilities (GPU included), the article is
> accurate as far as I can tell.

obligatory xkcd reference on password reuse: http://xkcd.com/792/

btw i'm quite interested by all this articles against password reuse 
while at the same time there are a lot of people asking for single sign 
on over the web, isn't something contradictory ?

And what about services like "last pass": aren't we just moving our 
problems to the "simple one" of the relying entirely our security on one 
single master password ? it's kind scary .


Cheers
Samuele

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ