Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20100729205823.GA29532@openwall.com>
Date: Fri, 30 Jul 2010 00:58:23 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Contest Details - "Crack Me If You Can" - DEFCON 2010

On Thu, Jul 29, 2010 at 10:15:49PM +0200, Simon Marechal wrote:
> Le 29/07/2010 21:52, Solar Designer a ?crit :
> > Yes: I've just registered a john-users team for the contest, although at
> > this point I don't yet know if it'll be just me or a team.  I/we will
> > deliberately avoid the use of "competing" tools (besides, the only good
> > ones I'm aware of are closed-source).  Let's see if we can build a team:
> 
> I would be interested in knowning what the good ones are in your
> opinion.

Oh, I guess I worded this too strongly.  I've never used those other
tools, so I can't really claim they're good - but based on what I hear,
compared to other tools out there a few stand out.  Since I don't want
to help other teams with the contest too much, let me just say that
those are the tools that, like JtR, support Crack-like wordlist rules.

BTW, we're at 1000+ subscribed e-mail addresses in here.  I have no idea
how many of those people are actually reading their john-users postings,
but at least none of those addresses are rejecting or bouncing messages
(if an address starts rejecting or bouncing, it gets dropped from the
list automatically).

> I got a licence from EDPR bought from my employer two years ago
> only to find it was garbage : slow, agent only working on windows and
> the oracle cipher crashed the agent. I don't even mention the chore it
> was to import a 10 user shadow file, or the fact that it couldn't do
> anything more sophisticated than bruteforce ...

Ouch.  Just to make your posting more valuable to all, does the above
apply to current versions of EDPR as well?  As to its speed, I guess it
varies by hash type - so perhaps mention what you ran it against?
I know that it's expected to be very slow at Unix crypt(3) hashes, but
it shouldn't be that bad at LM/NTLM.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.