RE: john the ripper

From: Jason Watson (penscan@hotmail.com)
Date: Tue Dec 09 2003 - 21:49:43 EST


Hi people,

For a few years I have had this idea in my head about a secure(er)
authentication system to that of telling the user the password. My system
is basically still a password system but it uses a key-card to access (there
are several of these systems out there). The password is then stored by PGP
(GnuPGP) in a 1024 bit hash. Every day at a "random" time the password server
sends a new (encrypted of course) key to the card reader, which stores the
new password on its magnetic strip. Every time the password is read a new
password is sent. This would easily allow for 1000 character passwords, in
turn increasing system security dramatically. Passwords alone are never
going to secure systems but every little bit helps.

Kind regards,

Jason Watson.

>Okay, I hear what you're saying about the amount of time being used and
>all... but..
>
>If your users are like the ones I've seen, that "reasonably strong"
>password (such as &Y6N8gg0 -- presumably strong) is just going to get
>written down on a sticky tab and put on the user's monitor or under their
>keyboard. The point is, while you've done a great job creating a strong
>keyspace which is difficult to break, I may open up a bigger problem.
>The goal is to get through the proverbial wall. Whether I do that by
>breaking through the bricks or scaling it or just going around, it
>doesn't really matter to me. If I make the wall thicker, that just
>moves the problem -- I'm still interested in getting to the other side,
>and I know I won't be able to break through it, so off I go to find a
>different solution...
>
>Just my thoughts.
>
>
>-----Original Message-----
>From: Benjamin Tomhave [mailto:falcon@secureconsulting.net]
>Sent: Monday, December 08, 2003 10:58 AM
>To: pen-test@securityfocus.com
>Subject: RE: john the ripper
>
>Scary numbers...so, semi-drifting question: how long is an "acceptable"
>length of time to run a cracker before pronouncing that uncracked
>passwords are "reasonably strong and well-chosen"?
>
> > -----Original Message-----
> > From: Mike [mailto:myname17@bellsouth.net]
> > Sent: Monday, December 08, 2003 3:45 AM
> > To: Giacomo; pen-test@securityfocus.com
> > Subject: Re: john the ripper
> >
> >
> > I recently did a little research on this, and if the password was
> > well chosen you will not find the password.
> >
> > An 8 character password, based on a 72 character set (26 lower case
> > letters, 26 uppercase letters, 10 digits, and 10 special characters)
> > results in 72^8 or 7.2x10^14 possible passwords. My reference PC was
> > only able to crack at 1500c/s. Doing the math reveals that 150,000
> > years would be required to crack all combinations, or 75,000 years on
> > average. For a 12 character password the result was
> > 2,000,000,000,000 years.
> >
> > If my math is wrong, please break it to me gently.
> >
> > Mike
> >
> > On Tuesday 02 December 2003 10:52 am, Giacomo wrote:
> > > Hi all
> > >
> > > I am trying to crack cisco md5 password.
> > > Currently I am using an Athlon XP2500barton at 2300mhz, after 17days
> > > john continues to crack at 3800c/s (it started at 4500c/s).
> > > I am asking myself and all of you what is the best system (hardware)
> > > to crack md5 password.
> > > I am thinking that the best way is the powerful (mhz) i386 in
> > > commerce.
> > > I've tried OpenMosix with 4 p500 nodes with john and cisilia, but
> > > without lucky results.
> > > The sun 280 (dual 64bits cpu at 900mhz) goes to a poor 900c/s
> > >
> > > which is your reference system to use john on md5 password ?
> > >
> > > Giacomo



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT
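
Added example, not part of the archived messages: the keyspace arithmetic discussed in the thread (72-character set, a fixed candidates-per-second rate), plus the fraction of each password length that a fixed-duration audit run actually covers, which bears on the question of how long to run a cracker before calling the survivors strong. It assumes a constant rate and a shortest-first exhaustive search, which simplifies how a real cracker orders candidates; the function names are this example's own.

```python
SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY  # Julian year


def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def exhaust_years(charset_size, length, rate):
    """Years needed to try every candidate of exactly `length`
    at `rate` candidates per second (assumed constant)."""
    return keyspace(charset_size, length) / rate / SECONDS_PER_YEAR


def coverage(charset_size, rate, days, max_len):
    """Fraction of each length's keyspace tried by a run of `days` days.

    Assumption (this example's, not the thread's): candidates are tried
    shortest-first, so length n is only started once length n-1 is done.
    Returns {length: fraction_tried}.
    """
    budget = int(rate * days * SECONDS_PER_DAY)  # total candidates tested
    result = {}
    for length in range(1, max_len + 1):
        space = keyspace(charset_size, length)
        tried = min(budget, space)
        result[length] = tried / space
        budget -= tried
    return result


if __name__ == "__main__":
    # Inputs taken from the thread: 72-character set, 1500 c/s reference PC.
    for n in (8, 12):
        full = exhaust_years(72, n, 1500)
        print(f"length {n}: {full:,.0f} years to exhaust, "
              f"{full / 2:,.0f} on average")

    # Inputs taken from the thread: 17 days at 3800 c/s.
    for length, frac in coverage(72, 3800, 17, 8).items():
        print(f"length {length}: {frac:.4%} of keyspace tried")
```

With the thread's inputs (72 characters, 1500 c/s), exhaust_years gives about 15,000 years for length 8; a 17-day run at 3800 c/s finishes lengths 1 to 5 and under 3% of length 6.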