Message-ID: <55FF8BFD.90409@mailbox.org>
Date: Mon, 21 Sep 2015 06:47:57 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: best setup to crack format nt or nt2

On 09/20/2015 10:35 PM, Patrick Proniewski wrote:
> Hello,
> 
> I plan to make some kind of password audit at work. The purpose is to warn users about a weak password when they use one.
> I'm going to dump Active Directory accounts (2008 R2), convert to some kind of GECOS format and launch John on the resulting file.

Most likely, you will crack many hashes.
But I would blame the poor password hash algorithm (fast, and even
worse: not salted) at least as much as the user's choice of poor passwords.
It has been known for many years that this hash algorithm is crap.

> I would like to run John for 24 hours on a decommissioned blade server, so I got 8 cpu cores, and lots of RAM, no GPU at all. What would be the best way to use most of this hardware? If I'm not mistaken, nt/nt2 can't get OpenMP benefits, so I could have to split the password file into 8 chunks, or use fork, or any other parallelism setup.

Don't split the passwords.
Since the hashes are not salted, you would waste a lot of time.
(Comparing a computed hash against a salt is much faster than computing
a hash.)
Use --fork, and/or run different attacks against all the hashes on your
different cores.

Frank
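
The cost argument in the reply above, as an added sketch that is not part of the original message and not John the Ripper's code: it counts hash computations when the hash file is split across 8 workers versus when every worker loads all hashes and takes a share of the candidates. SHA-256 stands in for the NT hash (any fast unsalted hash behaves the same here), and the function names, word list and target hashes are constructed for the illustration.

```python
import hashlib

def h(candidate: str) -> str:
    # Stand-in for the NT hash (assumption): fast and unsalted.
    return hashlib.sha256(candidate.encode("utf-16-le")).hexdigest()

def split_hashes(targets, candidates, workers):
    """Each worker gets a slice of the hash file and must try every candidate."""
    computed, found = 0, set()
    for w in range(workers):
        chunk = set(targets[w::workers])
        for c in candidates:
            computed += 1              # one hash computation
            if h(c) in chunk:          # set lookup, cheap next to hashing
                found.add(c)
    return computed, found

def split_candidates(targets, candidates, workers):
    """Each worker loads all hashes and tries only its slice of candidates."""
    all_targets = set(targets)
    computed, found = 0, set()
    for w in range(workers):
        for c in candidates[w::workers]:
            computed += 1
            if h(c) in all_targets:
                found.add(c)
    return computed, found

# Constructed sample data: 800 candidates, 16 weak passwords among the
# targets plus one hash that no candidate matches.
CANDIDATES = [f"word{i}" for i in range(800)]
WEAK = {f"word{i}" for i in range(0, 800, 50)}
TARGETS = [h(p) for p in sorted(WEAK)] + [h("not-in-the-list")]

if __name__ == "__main__":
    for strategy in (split_hashes, split_candidates):
        n, found = strategy(TARGETS, CANDIDATES, 8)
        print(f"{strategy.__name__}: {n} hashes computed, {len(found)} found")
```

Both strategies flag the same 16 weak passwords, but splitting the hash file repeats every hash computation once per chunk.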
