Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20101221214544.GA26237@openwall.com>
Date: Wed, 22 Dec 2010 00:45:44 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: pwgen in JavaScript

On Tue, Dec 07, 2010 at 09:18:19AM +0300, Solar Designer wrote:
> ... "JavaScript port of pwgen" (of Ted's pwgen for Unix):
> 
> http://8-p.info/pwgen/
[...]
> $ ./john -i=pwgen-js -se=pwgen-js -fo=nt 1k-8-nt
> Loaded 909 password hashes with no different salts (NT MD4 [128/128 X2 SSE2-16])
> Warning: only 60 characters available
> 
> guesses: 22  time: 0:00:00:05  c/s: 9086M  trying: Ouq9s1f1 - Ouq9s1ie
> guesses: 45  time: 0:00:00:12  c/s: 11528M  trying: Iu4a9p3i - Iu4a9p2i
> guesses: 102  time: 0:00:01:00  c/s: 12779M  trying: iLi4jebi - iLi4j0lu
> guesses: 148  time: 0:00:03:00  c/s: 11026M  trying: Ugc7yo3e - Ugc7yoj9
> guesses: 193  time: 0:00:05:58  c/s: 11133M  trying: Py2ige1n - Py2igen6
> guesses: 220  time: 0:00:08:34  c/s: 11324M  trying: Pgsu9h2h - Pgsu9h8f
> guesses: 320  time: 0:00:40:37  c/s: 9891M  trying: aTt5xp8x - aTt5xtty

If anyone is curious, here's how this attack progressed further:

guesses: 648  time: 0:18:24:44  c/s: 6137M  trying: FGqcw1k7 - FGqcw1me
guesses: 730  time: 2:03:38:37  c/s: 4574M  trying: kBnqOoMi - kBnqOoM3
guesses: 791  time: 5:06:51:33  c/s: 3423M  trying: BdyE7Pur - BdyE7Pg0
guesses: 800  time: 6:04:30:02  c/s: 3215M

(The last line lacks "trying" because I obtained it with "john --status"
after interrupting the main John session.)

> 2.2% (2.4% of 909) cracked in 5 seconds
> 10% (11%) cracked in 1 minute
> 22% (24%) cracked in 8.5 minutes
> 32% (35%) cracked in 40 minutes

65% (71%) cracked in 18.5 hours
73% (80%) cracked in 2 days
80% (88%) cracked in 6 days

> This is mostly _without_ exploiting the problems with Math.random()
> yet.  It'd take custom code to exploit those, but then I'd expect all
> passwords to fall within seconds.  "[List.External:Strip]" in the
> default john.conf implements this sort of attack for another naive
> password generator.

For those who want more context, my original posting is here:

http://www.openwall.com/lists/john-users/2010/12/07/4

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.