On Wed, 27 Nov 2002, eric pareja wrote:

> I have -used- said tool. It is basically a dictionary attack and more.
> There are many more "cracker" tools that legit sysadmins employ to
> keep their own systems a bit more secure, but brute force cracking
> cannot completely regurgitate good passwords within short time
> constraints. Even if you have access to /etc/passwd and/or
> /etc/shadow, there's no assurance that you will be able to "crack" all
> password entries.
>
        Actually "cracking all passwords" is next to impossible unless
you deploy Jack the Ripper on a grid computer (though you have to rewrite
it first). On a 4-CPU SunFire I get 1-3 at most out of 300+ passwd even when
I run Jack the Ripper for 1 whole week. Although 4 CPUs doesn't matter because
I guess it is not multi-threaded. It runs on one CPU with one pid at a
time. Of course I do this to get rid of bad eggs. Jack is severely limited
by its default dictionary to decrypt (actually it's encrypt-compare, not
decrypt) unix passwd. One way of probably improving it is to make an
AI-based dictionary generating algo (e.g. it can't decrypt Tagalog passwd)
plus make use of multithread techniques to burn as many CPUs as possible.

rowel
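
The encrypt-and-compare audit described above, with the accounts spread across CPUs, as an added example that is not part of the original message or of any tool's own code. PBKDF2-HMAC-SHA256 stands in for crypt(3), and the accounts, wordlists and function names are constructed for illustration.

```python
import hashlib
import os
from concurrent.futures import ThreadPoolExecutor

ITERATIONS = 1000  # kept low so the demo is fast; real password hashes cost far more


def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for crypt(3): a salted one-way hash (assumption: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def variants(word: str):
    """A few simple mangling rules of the kind users apply to dictionary words."""
    yield from (word, word.capitalize(), word + "1", word + "123")


def audit_entry(entry, wordlist):
    """Return the guess that reproduces the stored hash, or None."""
    _user, salt, stored = entry
    for word in wordlist:
        for guess in variants(word):
            # Hash the guess with the entry's own salt and compare; nothing is decrypted.
            if hash_password(guess, salt) == stored:
                return guess
    return None


def audit(entries, wordlist, workers=os.cpu_count()):
    """Audit entries in parallel; CPython's pbkdf2_hmac releases the GIL while hashing."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda e: audit_entry(e, wordlist), entries)
        return {e[0]: r for e, r in zip(entries, results)}


def make_entry(user, password):
    salt = os.urandom(8)
    return (user, salt, hash_password(password, salt))


# Constructed sample accounts (not real data)
ENTRIES = [make_entry("alice", "dragon123"),
           make_entry("ben", "mahalkita1"),       # Tagalog phrase plus a digit
           make_entry("carol", "t7#Vq9!xLp2@")]   # random, in no wordlist
ENGLISH = ["password", "dragon", "letmein"]
TAGALOG = ["mahalkita", "salamat"]

if __name__ == "__main__":
    print(audit(ENTRIES, ENGLISH))            # only alice is flagged
    print(audit(ENTRIES, ENGLISH + TAGALOG))  # ben is flagged too; carol never is
```

Coverage is bounded by the wordlist, not by CPU count: extra workers shorten the run, but the Tagalog password is only flagged once Tagalog words are in the dictionary.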

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph