Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Cracking

From: xyberpix <xyberpix () xyberpix com>
Date: Wed, 15 Sep 2004 21:38:08 +0100
Hi Fabio,

With enough time you can crack all passwords, regardless of what they
are. I won't argue that in 24h, you probably wouldn't be able to crack
something like k;!p-__f, but hey, I've added those three to my custom
passwd lists. :-)
Also, I make a general rule of generating custom passwds at least once a
week to add to various lists, it just makes it easier.

xyberpix


On Wed, 2004-09-15 at 18:44, Fabio Miranda Hamburger wrote:

To me I've always had great success with LC4 and John, it all depends
what platform I'm on at the time though, and what dictionary lists I
have loaded at the time as well, so far I haven't found a passwd that I
haven't been able to crack, yet!


You use easy to guess passwords based on letters and numbers. The
dicctionary and GECOS generated passwords are weak. If you can crack all
the passwords that host doesnt have a password policy.

Have you cracked passwords like:

k;!p-__f
"d%g..H#
^ f!)I..

You can make the passwords > 8 digits so you cant really crack all the
passwords.

fabio.

-- 
For Security and Open Source news:
http://xyberpix.demon.co.uk

Attachment: signature.asc
Description: This is a digitally signed message part

Previous By Date Next
Previous By Thread Next

Current thread: