Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120413143925.GA14369@debian>
Date: Fri, 13 Apr 2012 18:39:25 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: automation equipped working place of hash cracker,
 proposal

Frank,

Your questions are very nice to start from.

On Mon, Apr 09, 2012 at 09:55:16PM +0200, Frank Dittrich wrote:
> it seems like you really did think a lot about an optimal work flow for
> a team of pen testers trying to crack many passwords with different
> password hash types.
> 
> 
> To get the discussion going, may be you could elaborate a bit:
> 
> What would an optimal work flow look like?

I think the main idea behind work flow is that next attacks should be
corrected by (based on) previous results. So in general we crack hashes with
common methods, take results, analyze them, develop more precise and effective
attack, apply it, again take new results and so on.

It is common to rebuild chr files to improve incremental mode having some
passwords cracked. Also some patterns (like month appended to password when
policy is to change password every month) could be found during cracking.
During contest search of patterns was very valuable.

Of course work flow is not linear: it is worth to apply attacks in parallel.

> What kind of problems (deviations from an "optimal" work flow) did you
> recognize during or after the 2012 CrackMeIfYouCan contest?

After CrackMeIfYouCan 2011 contest several problems of different kinds were
found. There were uninvolved hardware, disorder in question of what attacks
are done, low skills (at least my personal), low quality of some attacks, a
lot of monkey work.

> Which were the most significant problems?

With hardware the biggest problem was that a lot of machines was not managed
about at all. We have much more cpu power than human resources. So the system
should manage machines while humans manage the system.

It was not always obvious who do certain attack, what hash types this attack
is applied for, what is the progress of the attack. Managing tasks in the
system could provide enough central control to avoid these questions.

It was not easy to cooperate for patterns search and related attacks
development. I think it is because usage of mailing list for managing
everything does not scale well while a lot of things (like pattern
descriptions, regexps, rules, attack employment reports) should be handled
easily. The system should reflect that need providing everything at its
places.

I'll describe these problems in separate threads because there are more
details than one mail should contain.

Thanks!

Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.