lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200403230812.i2N8C0Y25255@singularity.tronunltd.com> From: Ian.Latter at mq.edu.au (Ian Latter) Subject: commerical rainbow crack? Hello Richard, I haven't read the whole thread yet, but if this is what you came to, then there are a couple of other options; plJohn http://www.hick.org/~johnycsh/code/ CHAOS http://itsecurity.mq.edu.au/chaos/ plJohn is a perl wrapper for piping one dictionary combo out into a swarm of JtR crackers (for an openMosix cluster primarily). And then CHAOS is a bootable CD implementation of openMosix with "forkjohn" - a binary version of plJohn that I implemented - to do the same thing. Take your closest computer lab and dedicate the whole thing to the process, and you'll have an audit outcome in no time (exactly what I built CHAOS in the first place). The advantage of this type of usage of JtR, versus systems like djohn (and a couple of others) is that your don't need to modify the JtR executable itself -- just pipe what you need around (you could prolly use your imagination with netcat and get away with using it without a cluster, if you're looking at something simpler). The irony of ironies .. is that *the* password that I wanted to audit; I still haven't established the hash-type for, so the primary purpose has really become moot. NB: If you're going to end up brute forcing the password, rather than dictionary-attacking it, then consider Cisilia also; http://www.cisiar.org/proyectos/cisilia/home_en.php ----- Original Message ----- >From: "Richard Stevens" <richard@...net.co.uk> >To: <full-disclosure@...ts.netsys.com> >Subject: RE: [Full-Disclosure] commerical rainbow crack? >Date: Mon, 22 Mar 2004 21:28:12 -0000 > > thanks to all for the input., looks like john it is, with a little more patience :) > > out of interest, anyone think a distributed project using john would be useful? something like the SETI screen saver thing... > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- Ian Latter Internet and Networking Security Officer Macquarie University
Powered by blists - more mailing lists