Date: Mon, 21 Sep 2015 06:47:57 +0200 From: Frank Dittrich <frank.dittrich@...lbox.org> To: john-users@...ts.openwall.com Subject: Re: best setup to crack format nt or nt2 On 09/20/2015 10:35 PM, Patrick Proniewski wrote: > Hello, > > I plan to make some kind of password audit at work. The purpose is to warn users about weak password, when they use one. > I'm going to dump Active Directory accounts (2008 R2), convert to some kind of GECOS format and launch John on the resulting file. Most likely, you will crack many hashes. But I would blame the poor password hash algorithm (fast, and even worse: not salted) at least as much as the user's choice of poor passwords. It has been known for many years that this hash algorithm is crap. > I would like to run John for 24 hours on a decommissioned blade server, so I got 8 cpu cores, and lots of RAM, no GPU at all. What would be the best way to use most of this hardware? If I'm not mistaken, nt/nt2 can't get OpenMP benefits, so I could have to split the password file into 8 chunks, or use fork, or any other parallelism setup. Don't split the passwords. Since the hashes are not salted, you would waste a lot of time. (Comparing a computed hash against a salt is much faster than computing a hash.) Use --fork, and/or run different attacks against all the hashes on your different cores. Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.