Home page logo

pen-test logo Penetration Testing mailing list archives

Re: hardware vs. john the ripper
From: Anders Thulin <Anders.Thulin () tietoenator com>
Date: Fri, 23 Jan 2004 09:18:46 +0100

Rafael Núñez wrote:

So Which hardware/trademark would the best one?,  Proliant Server?  SGI ?
Alpha ones?  please i need some links about it

  Don't focus on the hardware too early -- focus on what your goals
are, and how your cracking process is structured to address those
goals.  Of course, at some point you want to have a password cracker
(the crypto modules in john) that does a good job on whatever architecture
you have in mind, but don't get stuck on assuming you can't improve the
software part as well. (Some of the add-on modules to john can be
improved just by doing some simple hand-optimizations, taking the fairly
specialized situation into account.)

  So, what is your goal? To crack *all* passwords? To minimize the time
to first crack? Crack all the simple ones quickly? To crack only the one
that matters, but to do so in a predictable time? And what passwords are
you thinking of? Any kind? Or just Windows-type?

  How well can the process be run in parallel? Say, run john in incremental
mode on one processor, while you're running others with different types
of dictionary cracks, rule based or not? It may be that 8 medium-powered
systems can do as well or better as one single high-powered one, depending
on what you're trying to achieve. (John the ripper benchmark results
can help you evaluate how far you can go here.)

  If time is not a major factor, you can do a lot just by trying out
common search spaces 'by hand', say by generating all passwords of
a particular pattern (letters with tailing digits, say, of max length 8),
and running them through john in no-rules wordlist mode. If you're
using a bit-sliced crypto implementation, this can be quite fast.

  If you're going for predictable time, investigate the Hellman-Oechslin
approach (a.k.a. rainbow tables). It can be tuned to cover a search space
more or less completely, and time is highly predictable. There used
to be Windows sources for this method applied to Windows LM hashes on the
net under the name 'RCRACK' or 'RTCRACK' -- it may still be out there.
The method can fairly easily be applied to most encryption methods, though
it will require some coding to get there. This method lends itself
to just about any degree of parallelization -- even the pre-crack
table computation time can be done in parallel (and could easily be made
into a distributed project a la seti () home, in fact).

  If you're going for shortest time (for a given encryption method),
you may want to pre-crack as many passwords as possible, and then
simply look the hashes up in a database when crack-time comes. You
spend a lot of time creating the database, but you will get crack times
as low as your disk and your database coverage allows. This is probably
the way to go to crack easy or obvious passwords extremely quickly.
If you don't need 'extremely', it's overkill.

  If you're going for a method where pre-cracking is a factor, you
might want to check out if that step can be speeded up by using
some cryptographic coprocessor. You'll need to have OS support for them,
though -- don't know how FreeBSD compares to OpenBSD here. But again,
you probably will have to be prepared to do a fair amount of coding.

  If you just don't know ...

  ... buy a moderately good system, and use it as a learning
bench. Ensure you can buy a second system if you want to
go into parallel cracking later.

Anders Thulin   anders.thulin () tietoenator com   040-661 50 63        
TietoEnator Telecom & Media AB, Box 85, SE-201 20 Malmö


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]