Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 May 2008 23:01:40 -0400
From: bofh <>
Subject: Re: 15 characters

On Tue, May 27, 2008 at 9:15 PM, Solar Designer <> wrote:

> > would take at 10 and 12 characters?
> Can't you do some math on your own?

Sorry, wasn't thinking.  Thanks for the answer though.

> I'm not really looking at cracking an entire password file, I'm
> > more of looking at a proving a point to some business folks.
> You should look for a different way to prove it - not by going for
> exhaustive search over a certain character set and range of lengths.
> Perhaps there are plenty of weak passwords, despite of their length.

I've already found some, but these are user level things.  The root
passwords are more secure and are over 8 characters long.

amount of time.  This is why it makes sense to detect and eliminate weak
> passwords.

I may try it without capital letters and see how that goes.  How does JtR
deal with two simultaneous sessions?  I'm running it on a dual core, and
it's only using 1 core.  Is it feasible, and more importantly, does it make
sense to leave the current session running all@8 characters, and start a new
one with a more limited character subset, running from 9-12?

> Also, you've never mentioned the hash type you're dealing with, although
> it is very relevant and might affect my advice.

Whatever is the standard/default on aix 5.2.

"This officer's men seem to follow him merely out of idle curiosity." --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted." -- Gene Spafford
learn french:

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.