RE: [suse-security] Cracking passwd "linux" with John (JTR) took 1hr
From what I've seen, the john -incremental test cracks passwords much faster than the default john options. I could crack numbers, uppercase, lowercase and one special char in less than 4 hours on a p4 3.0. Simple text passwords like linux done in 30 seconds, but you gotta realize that john guesses semi-randomly and not in a true brute force fashion. This is why it's great for those single accounts that other crackers like rainbow couldn't get with letters and numbers. If you keep pressing enter the next time you run john, you should see its "progress" and actually see what pw's it's using.

Matt

-----Original Message-----
From: Al Bogner [mailto:suse-security@ml04c.pinguin.uni.cc]
Sent: Saturday, July 24, 2004 10:20 AM
To: suse-security@suse.com
Subject: [suse-security] Cracking passwd "linux" with John (JTR) took 1hr

I try to find out how secure my passwords are and tried the following:

I created a file passwd.1 with the following content:

test:$2a$05$CL3uN2mrTaP6zoDNubQsEuFhxIB0K4bIylcm5yuP5LTY8nZ3HJ4MO:1002:100:test:/home/test:/bin/bash

Then I used john from SuSE 9.1-DVD:

john -users:test -session:testcrack passwd.1
Loaded 1 password hash (OpenBSD Blowfish [32/32])
linux            (test)
guesses: 1  time: 0:01:11:27 (3)  c/s: 333  trying: linux

Why does it take so long to crack a simple passwd like "linux", while the password test1 was found immediately?

I used an XP 2700+ with the following benchmarks:

john -test
Benchmarking: Traditional DES [24/32 4K]... DONE
Many salts:     223578 c/s real, 232391 c/s virtual
Only one salt:  214406 c/s real, 218773 c/s virtual

Benchmarking: BSDI DES (x725) [24/32 4K]... DONE
Many salts:     8009 c/s real, 8139 c/s virtual
Only one salt:  7924 c/s real, 8053 c/s virtual

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw:    5999 c/s real, 6262 c/s virtual

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw:    362 c/s real, 370 c/s virtual

Benchmarking: Kerberos AFS DES [24/32 4K]... DONE
Short:  213350 c/s real, 215941 c/s virtual
Long:   593561 c/s real, 595945 c/s virtual

Benchmarking: NT LM DES [32/32 BS]... DONE
Raw:    3056787 c/s real, 3062913 c/s virtual

Al
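The hash field in the quoted passwd.1 entry carries its own work factor: the 05 after $2a$ means 2^5 = 32 iterations of bcrypt's key setup, the "x32" in John's benchmark line, which is why this format runs at a few hundred c/s. The following is an added example, not code from either poster, that parses that field and works through the figures in John's status line; the function names are assumptions of this sketch.

```python
import re

# bcrypt modular-crypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

def parse_bcrypt(field):
    """Split a bcrypt hash field into variant, cost, salt and digest."""
    m = BCRYPT_RE.match(field)
    if m is None:
        raise ValueError("not a bcrypt hash field")
    variant, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return {"variant": variant, "cost": cost, "rounds": 2 ** cost,
            "salt": salt, "digest": digest}

def hms_to_seconds(stamp):
    """Convert John's D:HH:MM:SS status time to seconds."""
    d, h, m, s = (int(x) for x in stamp.split(":"))
    return ((d * 24 + h) * 60 + m) * 60 + s

def candidates_tried(stamp, rate):
    """Candidates tested in the elapsed time at a constant c/s rate."""
    return hms_to_seconds(stamp) * rate

def rate_at_cost(measured_rate, measured_cost, new_cost):
    """Scale a measured c/s figure to another cost: each +1 doubles the work."""
    return measured_rate / 2 ** (new_cost - measured_cost)

# Hash field and status-line figures taken from the quoted message above.
HASH = "$2a$05$CL3uN2mrTaP6zoDNubQsEuFhxIB0K4bIylcm5yuP5LTY8nZ3HJ4MO"

if __name__ == "__main__":
    info = parse_bcrypt(HASH)
    print("cost", info["cost"], "->", info["rounds"], "key-setup iterations")
    tried = candidates_tried("0:01:11:27", 333)
    print("candidates tested before 'linux' was reached:", tried)
    # Same candidate order on the same machine, with the hash stored at a higher cost.
    for cost in (5, 10, 12):
        r = rate_at_cost(333, info["cost"], cost)
        print(f"cost {cost}: ~{r:.2f} c/s, ~{tried / r / 3600:.1f} h for the same run")
```
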
Participants (1): Matt Bohall