UGN Security
Posted By: PhaseSpace Some thoughts on PassWord Crackers - 09/30/03 08:02 AM
I have recently been trying to crack some 'difficult' passwords on my system with 7-8 alpha numeric characters.

Using Jack the Ripper, I have been running by brute force to no avail. Looks like I may never manage at this rate.

I was wondering if people here could relate their experiences with the password crackers that are out there.

Which ones tend to be the fastest? What are the most reliable and efficient ones? Which ones tend to crack 'hard' passwords without resorting to brute force?

PhaseSpace
Posted By: sinetific Re: Some thoughts on PassWord Crackers - 09/30/03 09:11 AM
what type of encryption are you trying to decipher?
Posted By: PhaseSpace Re: Some thoughts on PassWord Crackers - 09/30/03 09:41 AM
It is your standard RedHat 9.0 distribution, so whatever they use to encrypt their user accounts with.
Posted By: sinetific Re: Some thoughts on PassWord Crackers - 09/30/03 10:59 AM
MD5
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/install-guide/s1-authconfig.html
Just get a better wordlist, wordlists are a lot better to use than a straight up bruteforce, but then a good admin wouldn't use a dictionary word. I doubt there is anything better than jack the ripper though I've never benchmarked crackers to see what's faster.
Posted By: PhaseSpace Re: Some thoughts on PassWord Crackers - 10/01/03 07:09 AM
Wordlist won't help here.

Actually, I have been running Jack the ripper for 2 days and 18 hours. (Pentium III system) Unreal! Is something wrong? Or is that a fairly normal amount of time?
Posted By: sinetific Re: Some thoughts on PassWord Crackers - 10/01/03 10:00 AM
That is normal.

"It is pointed out that passwords only use ASCII characters 32-139, which would lead to a password that can be cracked in just a few years at 1,000,000,000 tries per second. Almost feasible - if you have a distributed network of blazing hardware and a few years to wait. Usually, none of this is true.
So, what is the solution?
It turns out that the best solution, in general, is exactly what many of the password crackers have implemented. Really, it is just an extension of already demonstrated logic. We reduce the search space by 432, 197,966,893,081,601 because of the observation that most passwords will only use ASCII codes 32-126. We can reduce this even further if there are any other subsets we can remove.
As it turns out there are lots. For example, it is not often you will find a password such as Xtn(DJ"z, $N40NzJH, DxdL(&$&, et cetera. Most people would not be able to remember a password with even this paltry amount of entropy. Thus, most passwords will be easier to remember. Think about what would make a password easier to remember.
Most people:
-Use a dictionary word.
-Use some combination of dictionary words.
-Try to obscure it somehow (such as using 1337)."

[Taken from: Fun Password Facts -by kaige, 2600 Magazine Vol 19 issue 3]

A word list will help. Not necessarily a word list but a list of some type. If you look around the net you will find random password generators word lists and you can write programs to go through and change all the 'E's to '3's and things of that nature to add to your list. Using this will not make it foolproof but it will greatly reduce your time, and your chances of success.
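The three habits listed in the quoted article (a dictionary word, a combination of words, a "1337"-obscured word) and its search-space arithmetic can be turned into a check for auditing your own password choices. This is an added example, not part of the thread or the article; the sample dictionary, the substitution table and all function names are assumptions made for illustration.

```python
import string

# Constructed sample dictionary; a real audit would load a full wordlist.
SAMPLE_WORDS = {"pass", "word", "password", "secret", "dragon", "monkey", "let", "me", "in"}

# Assumed table of common "1337" substitutions, mapped back to letters.
UNLEET = str.maketrans("013457@$", "oleastas")

def keyspace(length, charset_size=95):
    """Candidates of exactly `length` chars; 95 = printable ASCII codes 32-126."""
    return charset_size ** length

def exhaust_days(length, charset_size=95, tries_per_second=1_000_000_000):
    """Worst-case days to try every candidate at the given guess rate."""
    return keyspace(length, charset_size) / tries_per_second / 86400

def splits_into_words(text, words):
    """True if text is one dictionary word or several concatenated."""
    if not text:
        return False
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return reachable[-1]

def classify(password, words=SAMPLE_WORDS):
    """Label a password with the first guessable pattern it matches."""
    lowered = password.lower()
    if lowered in words:
        return "dictionary word"
    if splits_into_words(lowered, words):
        return "combination of words"
    # Undo leet both with and without a trailing run of digits/punctuation,
    # because a suffix such as "1" is padding rather than a substituted letter.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    for candidate in (lowered.translate(UNLEET), stripped.translate(UNLEET)):
        if splits_into_words(candidate, words):
            return "obscured dictionary word"
    return "no dictionary pattern"

if __name__ == "__main__":
    for pw in ("dragon", "letmein", "P4ssw0rd1", "s3cr37", 'Xtn(DJ"z'):
        print(f"{pw!r}: {classify(pw)}")
    print(f"8 chars, 95 symbols, 1e9 tries/s: {exhaust_days(8):.1f} days")
```

A password that lands in any of the first three classes falls to a wordlist with substitution rules long before the full keyspace would be exhausted, so the worst-case figure only applies to the last class.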
Posted By: PhaseSpace Re: Some thoughts on PassWord Crackers - 10/01/03 11:36 AM
Cool, thanks for the info.

Hopefully it will take less than a few years ;)
Posted By: fearENKI Re: Some thoughts on PassWord Crackers - 11/09/03 12:32 PM
that's good info....my Windows password isn't a word, but my other [censored] is a combination of words
Posted By: fearENKI Re: Some thoughts on PassWord Crackers - 11/10/03 02:26 AM
hmm....a while back I used a program called Cain and Abel which cracked a 5 char password including like 2 or 3 ASCIIs in like 3 hours...