Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Sep 2015 09:25:26 +0200
Subject: Re: best setup to crack format nt or nt2

On 21 sept. 2015, at 06:47, Frank Dittrich <> wrote:

> On 09/20/2015 10:35 PM, Patrick Proniewski wrote:
>> Hello,
>> I plan to make some kind of password audit at work. The purpose is to warn users about weak password, when they use one.
>> I'm going to dump Active Directory accounts (2008 R2), convert to some kind of GECOS format and launch John on the resulting file.
> Most likely, you will crack many hashes.
> But I would blame the poor password hash algorithm (fast, and even
> worse: not salted) at least as much as the user's choice of poor passwords.
> It has been known for many years that this hash algorithm is crap.

Yes, my preliminary tests yield to "appallingly good" results. We have different directories at work, a real LDAP server being our main authentication source, and the AD being a sidekick for services requiring Microsoft techno. Passwords in our LDAP are pretty securely stored. So I guess in the event of a security breach, AD content is far more interesting. I wish MS could address this password storage weakness…

>> I would like to run John for 24 hours on a decommissioned blade server, so I got 8 cpu cores, and lots of RAM, no GPU at all. What would be the best way to use most of this hardware? If I'm not mistaken, nt/nt2 can't get OpenMP benefits, so I could have to split the password file into 8 chunks, or use fork, or any other parallelism setup.
> Don't split the passwords.
> Since the hashes are not salted, you would waste a lot of time.
> (Comparing a computed hash against a salt is much faster than computing
> a hash.)
> Use --fork, and/or run different attacks against all the hashes on your
> different cores.

I'll try fork ASAP. THank you.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.