Message-ID: <20101207055052.GA17423@openwall.com>
Date: Tue, 7 Dec 2010 08:50:52 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: pwgen
On Thu, Dec 02, 2010 at 12:24:11PM -0600, Minga Minga wrote:
> The 'random' passwords for the DEFCON contest were generated by pwgen.
> But I have long since lost the command line.
My guess is that you used the "-s" option:
-s, --secure
Generate completely random, hard-to-memorize passwords. These
should only be used for machine passwords, since otherwise it's
almost guaranteed that users will simply write the password on a
piece of paper taped to the monitor...
Yesterday, I generated a .chr file from 1 million "pwgen -s"
passwords, and I started an attack on random-1000-from-pwgen.txt
(NTLM-hashed) using that .chr file. It cracked 4 passwords so far:
0:04:21:37 + Cracked u0
0:10:42:05 + Cracked u561
0:14:18:03 + Cracked u223
0:17:24:04 + Cracked u151
01j1eL0Z (u0)
Wi28bpuE (u561)
9YjnhqjN (u223)
6R5d5Pr5 (u151)
guesses: 4 time: 0:19:31:08 c/s: 16196M trying: DNc8ErG6 - DNc8Err9
Considering the time it'd take to search the entire keyspace at this
speed, this means that those passwords are in fact just as secure as
they can be given the character set and length, at least against this
attack.
Thus, if my guess re: your use of "pwgen -s" is correct, then passwords
generated in this way are safe (although passwords of this type are not
safe enough when processed with a very fast hash, as can be seen
above). It's only pwgen's "pronounceable" passwords that are much
weaker than they look.
Alexander
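The reasoning in the message above (4 cracks out of 1000 in just under 20 hours means the search has barely touched the keyspace) can be checked with a short calculation. The script below is an added example, not code from the message, from pwgen or from John the Ripper. It assumes that "pwgen -s" draws each of its 8 characters uniformly from [A-Za-z0-9] (62 symbols), and that the "c/s" figure printed by this John version counts candidate-hash comparisons for unsalted hashes, so dividing it by the 1000 loaded NTLM hashes gives candidates per second. Under those assumptions it parses the quoted status line, estimates how much of the 62^8 keyspace was covered, and compares the expected number of cracks with the observed 4.

```python
"""Strength check for the 'pwgen -s' cracking run quoted in the message.

Figures (status line, 1000 loaded hashes) are copied from the message;
the alphabet and the meaning of c/s are assumptions noted in comments.
"""
import math
import re
from string import ascii_letters, digits

# Assumption: pwgen -s picks each character uniformly from [A-Za-z0-9].
PWGEN_S_ALPHABET = ascii_letters + digits   # 62 symbols
PWGEN_S_LENGTH = 8

# Status line as printed in the message; 1000 hashes were loaded.
STATUS_LINE = "guesses: 4 time: 0:19:31:08 c/s: 16196M trying: DNc8ErG6 - DNc8Err9"
LOADED_HASHES = 1000

_STATUS_RE = re.compile(
    r"guesses:\s*(\d+)\s+time:\s*(\d+):(\d+):(\d+):(\d+)\s+c/s:\s*([\d.]+)([KMG]?)"
)


def parse_status(line):
    """Return (guesses, elapsed_seconds, c_per_second) from a John status line.

    John prints elapsed time as days:hours:minutes:seconds.
    """
    m = _STATUS_RE.search(line)
    if not m:
        raise ValueError("unrecognised status line: %r" % line)
    guesses = int(m.group(1))
    days, hours, minutes, seconds = (int(m.group(i)) for i in range(2, 6))
    elapsed = ((days * 24 + hours) * 60 + minutes) * 60 + seconds
    scale = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}[m.group(7)]
    return guesses, elapsed, float(m.group(6)) * scale


def keyspace(alphabet_size=len(PWGEN_S_ALPHABET), length=PWGEN_S_LENGTH):
    """Number of distinct passwords pwgen -s can produce (62**8)."""
    return alphabet_size ** length


def entropy_bits(alphabet_size=len(PWGEN_S_ALPHABET), length=PWGEN_S_LENGTH):
    """Entropy of a uniformly chosen password, in bits."""
    return length * math.log2(alphabet_size)


def candidates_per_second(line=STATUS_LINE, loaded=LOADED_HASHES):
    """Assumption: this John version's c/s counts candidate-hash comparisons
    for unsalted hashes, so candidates/s = c/s divided by hashes loaded."""
    _, _, cps = parse_status(line)
    return cps / loaded


def expected_cracks(line=STATUS_LINE, loaded=LOADED_HASHES):
    """Expected cracks if every password is uniform over the keyspace and the
    candidate order is effectively a brute-force walk over that keyspace.
    Returns (expected, observed)."""
    guesses, elapsed, _ = parse_status(line)
    tried = candidates_per_second(line, loaded) * elapsed
    fraction = min(tried / keyspace(), 1.0)
    return fraction * loaded, guesses


def full_search_days(line=STATUS_LINE, loaded=LOADED_HASHES):
    """Days needed to exhaust the keyspace at the observed candidate rate."""
    return keyspace() / candidates_per_second(line, loaded) / 86400


if __name__ == "__main__":
    expected, observed = expected_cracks()
    print("keyspace: %d (%.1f bits)" % (keyspace(), entropy_bits()))
    print("expected cracks %.1f, observed %d" % (expected, observed))
    print("full search at this rate: %.0f days" % full_search_days())
```

The expected count comes out at roughly 5 against the 4 actually cracked, which is what a uniformly random password set looks like when only about half a percent of the keyspace has been searched; a "pronounceable" set would crack far ahead of that curve. The last function makes the author's "time it'd take to search the entire keyspace" concrete: about five months at this rate for a fast unsalted hash, which is why the message calls these passwords strong only relative to the hash they are stored with.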