Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Sep 2010 13:08:27 -0700
From: Alain Espinosa <alainesp@...il.com>
To: john-users <john-users@...ts.openwall.com>
Subject: Features of a modern cracker?

Hi. I am not sure this is a little of-topic, but i think can involve
john as well.

During some time i was thinking how to make a program to crack windows
hashes and i try different programs to see common features. I do not
see features that i think can be helpful and i share this with the
list:

1- Speed: When come to passwords cracking speed its one of the
principal features.
      a) Auto-configuration: At first launch perform a benchmark and
choose best parameters for given hardware. This can involve processor
cache (i do not know how much affect speed) and others parameters like
using GPU cracking (a huge speedup if params chosen carefully)
    b) Different algorithms based in key length: This can provide a
good speedup in fast hashing algorithms like NTLM. I think MDCrack use
this.

2- Easy of use: Many user do not have the sufficient knowledge to use
a cracking program the best.
     a) The benchmarks given in 1a need to include various cracking
mode (single, wordlist and incremental in john). There is a tendency
to show benchmark numbers only in modes like incremental.
     b) Given the benchmark in 1a suggest levels of attacks. For
example the program can have 3 levels: fast (time<1min), medium
(1min<time<1hour), slow (1hour<time<6hour). The program can
automatically suggest maximum key-length for this 3 levels given the
benchmark in 1a.

3- Statistics are very important: Information its very valuable and
need to be persistent. I think this is the most important and john can
implement and use it better.
    a) The old and tested way to do that its with a database. Do not
need to be a "big" database server like MySQL or PostgreSQL or MS-SQL;
a little one like SQLite can do the job.
    b) In a database with a good amount of data you can generate
reports. Note that this reports do not need to be implemented in the
same cracking program. Can be one of the multiple java programs for
reports. Reports that can show passwords statistics, what method of
cracking cracks more passwords and in what time and a lot more. This
can provide a method to share results in a more organized form.


Do you see some of this features in others programs? Anyone that you
think are useful but not mention here?

My intention isn't to open a thread for "John features request", it is
to comment about what features can be important or more important that
others. I do not see any of this in a request here in the list, this
imply other are more useful?

saludos,
alain

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.