RE: john the ripper

From: OBrien, Brennan (BOBrien@columbia.com)
Date: Mon Dec 08 2003 - 14:38:04 EST


Okay, I hear what you're saying about the amount of time being used and
all... but..

If your users are like the ones I've seen, that "reasonably strong"
password (such as &Y6N8gg0 -- presumably strong) is just going to get
written down on a sticky tab and put on the user's monitor or under their
keyboard. The point is, while you've done a great job creating a strong
keyspace which is difficult to break, I may open up a bigger problem.
The goal is to get through the proverbial wall. Whether I do that by
breaking through the bricks or scaling it or just going around, it
doesn't really matter to me. If I make the wall thicker, that just
moves the problem -- I'm still interested in getting to the other side,
and I know I won't be able to break through it, so off I go to find a
different solution...

Just my thoughts.

-----Original Message-----
From: Benjamin Tomhave [mailto:falcon@secureconsulting.net]
Sent: Monday, December 08, 2003 10:58 AM
To: pen-test@securityfocus.com
Subject: RE: john the ripper

Scary numbers...so, semi-drifting question: how long is an "acceptable"
length of time to run a cracker before pronouncing that uncracked
passwords are "reasonably strong and well-chosen"?

> -----Original Message-----
> From: Mike [mailto:myname17@bellsouth.net]
> Sent: Monday, December 08, 2003 3:45 AM
> To: Giacomo; pen-test@securityfocus.com
> Subject: Re: john the ripper
>
>
> I recently did a little research on this, and if the password was
> well chosen you will not find the password.
>
> An 8 character password, based on a 72 character set (26 lower
> case letters, 26 uppercase letters, 10 digits, and 10 special
> characters) results in 72^8 or 7.2x10^14 possible passwords. My
> reference PC was only able to crack at 1500c/s. Doing the math
> reveals that 150,000 years would be required to crack all
> combinations, or 75,000 years on average. For a 12 character
> password the result was 2,000,000,000,000 years.
>
> If my math is wrong, please break it to me gently.
>
> Mike
>
> On Tuesday 02 December 2003 10:52 am, Giacomo wrote:
> > Hi all
> >
> > I am trying to crack cisco md5 password.
> > Currently I am using an Athlon XP2500barton at 2300mhz, after 17days
> > john continues to crack at 3800c/s (it started at 4500c/s).
> > I am asking myself and all of you what is the best system (hardware)
> > to crack md5 password.
> > I am thinking that the best way is the powerful (mhz) i386 in
> > commerce.
> > I've tried OpenMosix with 4 p500 nodes with john and cisilia, but
> > without lucky results.
> > The sun 280 (dual 64bits cpu at 900mhz) go to a poor 900c/s
> >
> > which is your reference system to use john on md5 password ?
> >
> > Giacomo

------------------------------------------------------------------------
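
As an added example (not part of any message in this thread): a small Python estimator for how much of an exhaustive-search keyspace a password audit covers in a given run time, using the character-set size and c/s rates quoted above. The function names are assumptions made for illustration, and the figures bound exhaustive search only, since real audits try dictionary and rule-based guesses first.

```python
"""Exhaustive-search time estimates for a password audit (added example)."""

SECONDS_PER_DAY = 24 * 3600
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def cumulative_keyspace(charset_size, max_length):
    """Candidates of every length from 1 up to `max_length`."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


def exhaustive_years(charset_size, length, rate):
    """Years to try every candidate of exactly `length` at `rate` guesses/s."""
    return keyspace(charset_size, length) / rate / SECONDS_PER_YEAR


def coverage(charset_size, length, rate, days):
    """Fraction of the exact-length keyspace tried within `days` of run time."""
    tried = rate * days * SECONDS_PER_DAY
    return min(1.0, tried / keyspace(charset_size, length))


def max_exhausted_length(charset_size, rate, days):
    """Longest L such that every password of length <= L is tried in `days`."""
    budget = rate * days * SECONDS_PER_DAY
    length = 0
    while cumulative_keyspace(charset_size, length + 1) <= budget:
        length += 1
    return length


def report(charset_size, rate, days, lengths=(6, 8, 12)):
    """Rows of (length, years to exhaust, fraction covered in `days`)."""
    return [(n, exhaustive_years(charset_size, n, rate),
             coverage(charset_size, n, rate, days)) for n in lengths]


if __name__ == "__main__":
    # Figures quoted in the thread: 72 symbols, 1500 c/s; 3800 c/s for 17 days.
    for n, years, frac in report(72, 1500, 17):
        print(f"len {n:2d}: {years:.3g} years to exhaust, "
              f"{frac:.2e} covered in 17 days")
    print("fully searched up to length", max_exhausted_length(72, 3800, 17))
```
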

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT