Date: Fri, 24 Sep 2010 13:08:27 -0700 From: Alain Espinosa <alainesp@...il.com> To: john-users <john-users@...ts.openwall.com> Subject: Features of a modern cracker? Hi. I am not sure this is a little of-topic, but i think can involve john as well. During some time i was thinking how to make a program to crack windows hashes and i try different programs to see common features. I do not see features that i think can be helpful and i share this with the list: 1- Speed: When come to passwords cracking speed its one of the principal features. a) Auto-configuration: At first launch perform a benchmark and choose best parameters for given hardware. This can involve processor cache (i do not know how much affect speed) and others parameters like using GPU cracking (a huge speedup if params chosen carefully) b) Different algorithms based in key length: This can provide a good speedup in fast hashing algorithms like NTLM. I think MDCrack use this. 2- Easy of use: Many user do not have the sufficient knowledge to use a cracking program the best. a) The benchmarks given in 1a need to include various cracking mode (single, wordlist and incremental in john). There is a tendency to show benchmark numbers only in modes like incremental. b) Given the benchmark in 1a suggest levels of attacks. For example the program can have 3 levels: fast (time<1min), medium (1min<time<1hour), slow (1hour<time<6hour). The program can automatically suggest maximum key-length for this 3 levels given the benchmark in 1a. 3- Statistics are very important: Information its very valuable and need to be persistent. I think this is the most important and john can implement and use it better. a) The old and tested way to do that its with a database. Do not need to be a "big" database server like MySQL or PostgreSQL or MS-SQL; a little one like SQLite can do the job. b) In a database with a good amount of data you can generate reports. Note that this reports do not need to be implemented in the same cracking program. Can be one of the multiple java programs for reports. Reports that can show passwords statistics, what method of cracking cracks more passwords and in what time and a lot more. This can provide a method to share results in a more organized form. Do you see some of this features in others programs? Anyone that you think are useful but not mention here? My intention isn't to open a thread for "John features request", it is to comment about what features can be important or more important that others. I do not see any of this in a request here in the list, this imply other are more useful? saludos, alain
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.