Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANWtx00MKGc2Nw+DDNt4mJ4xxGLzJAFaqv=Mxj03A0=DOjtVyg@mail.gmail.com>
Date: Fri, 13 Apr 2012 16:14:49 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: automation equipped working place of hash cracker, proposal

On Fri, Apr 13, 2012 at 3:27 PM, Frank Dittrich
<frank_dittrich@...mail.com> wrote:
> It is less predictable what hardware will be available at which time.
>
> You have much less influence on what people do during the contest than
> you have in a team of pen testers... (After all, many people will just
> take part in the challenge because they think it is fun, and they'll
> avoid doing things which they don't see as "having fun", even if this
> might result in trying out things that are less than optimal.
>
> Many people will be behind a firewall or router which prevents access
> from outside (e.g., a central server), others might not want to grant
> other people or a central server access to their systems, so you might
> have to find ways to allow people fetching the next tasks to be
> processed and sending back the results on their own.
Last year I proposed a "Live CD/DVD/USB" that contained generic JtR
binaries or that could compile JtR on the hardware if that might be
beneficial, perhaps the CPU on one machine has AES in hardware, or has
3 Nvidia cards etc... The main point was to allow then to do a command
and control "swarm", communicate progress, pot files, stats and
everything else over ssh perhaps. The cron job to upload the cracked
hashes would be there already, progress could be saved to a usb drive
if there was no way out a firewall. Other progress should probably be
sent to the central server, so if power was lost and or no usb is
available the machine could be booted back up using the live cd and
you'd have to pick that machines ID or name and have it continue on.
That may be overboard, I just like to think fantasical like that,
number one because I can and B because I have no programming skill to
speak of, so when I see these awesome things being done on this list,
I think, yeah THEY could totally do that :p
Live-CD
Automation/Command and Control
????
Profit!!!
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.