Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 6 Jun 2007 12:14:12 +0100
From: "Evo Eftimov, iSec Consulting, www.isecc.com" <evo.eftimov@...cc.com>
To: <john-users@...ts.openwall.com>
Subject: RE: success rate

It is crypt(3) and there were no password policy rules enforced on the
system except minimum length. 

My assessment is that 90% of the yield is due to the word mangling rules
embedded in the product and the carefully selected wordlists which are also
part of the product. Only 5 to 10% of the yield is due to the additional
tuning done by me

I've also benefited from the SSE support in JR 

Regards

Evo

-----Original Message-----
From: Solar Designer [mailto:solar@...nwall.com] 
Sent: 06 June 2007 11:26
To: john-users@...ts.openwall.com
Subject: [john-users] success rate

On Wed, Jun 06, 2007 at 10:54:06AM +0100, Evo Eftimov, iSec Consulting,
www.isecc.com wrote:
> All - I highly recommend John the Ripper to anybody with password
validation
> project - just by running the software in single and worldlist modes (with
> carefully tuned rules taking into account specific cultural and
> psychological factors relevant to the target environment) I've been able
> to obtain 45% success rate. The single mode was extremely effective to
> demonstrate some quick wins to the management.

Thank you for sharing your experience.

You haven't mentioned what hash type you were running JtR on.  From the
success rate, I guess that those were traditional DES-based crypt(3)
hashes with almost no prior password policy enforcement.  The hash type
affects success rate a lot.  For LM hashes, it would be much higher
(90% to 100% if you let "incremental" mode run for a few days).  For
newer crypt(3) flavors, it would be lower.

How much of an improvement did your careful tuning of rules provide?
What would the success rate be without such tuning?

If you also include some "incremental" mode time (a few days?) with
default settings, what would the success rate be?

P.S. Please avoid over-quoting when you post to this mailing list.
Usually, it is enough to quote just a few lines from the message you're
responding to.  Also, your messages lack a Message-ID header, which
breaks threading of any replies in web-based archives of the list.  Is
this possibly an effect of your corporate firewall, and is it something
you can fix?

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.



-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.