Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Password Cracking

from [tman] Network Security [Permanent Link]
Subject: Re: Password Cracking
Date: Thu, 16 Sep 2004 03:57:04 -0000 (GMT) 
I create two accounts today.  Test1 with the password noted below (
k;!p-__f, ) and Test2 with the password 4U_'Tis_a_long_password.

LC4 cracked Test1 in 4h17m39s.  It has not yet cracked Test2.  I suspect
that it will take almost 3 weeks ( LC4 is saying it will take 19d20h... ).
 Past experience tells me that it will crack it.

So, knowing that every password can be broken ( its just a matter of time
) I'm now an advocate of one time passwords ( like RSA SecurID ).  I had
been an advocate of PKI but having seen the the use of keyboard loggers to
compromise an enterprise's PKI infrastructure, I'm now off that bandwagon.

T



Hi Fabio,

With enough time you can crack all passwords, regardless of what they
are. I won't argue that in 24h, you probably wouldn't be able to crack
something like k;!p-__f, but hey, I've added those three to my custom
passwd lists. :-)
Also, I make a general rule of generating custom passwds at least once a
week to add to various lists, it just makes it easier.

xyberpix


On Wed, 2004-09-15 at 18:44, Fabio Miranda Hamburger wrote:

To me I've always had great success with LC4 and John, it all depends
what platform I'm on at the time though, and what dictionary lists I
have loaded at the time as well, so far I haven't found a passwd that

I

haven't been able to crack, yet!


You use easy to guess passwords based on letters and numbers. The
dicctionary and GECOS generated passwords are weak. If you can crack all
the passwords that host doesnt have a password policy.

Have you cracked passwords like:

k;!p-__f
"d%g..H#
^ f!)I..

You can make the passwords > 8 digits so you cant really crack all the
passwords.

fabio.

--
For Security and Open Source news:
http://xyberpix.demon.co.uk






---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Learning WAN technologies, Marcos E. Rodriguez
Next by Date:  Re: Windows2000 Security event logs, Times Enemy
Previous by Thread:  Re: Password Cracking, xyberpix
Next by Thread:  Re: Password Cracking, GuidoZ
Indexes:  [Date] [Thread] [Top] [All Lists]