Re: john the ripper
From: Martin Mačok (martin.macok underground.cz)
Date: Tue Dec 09 2003 - 12:45:07 CST
On Mon, Dec 08, 2003 at 11:58:08AM -0700, Benjamin Tomhave wrote:
> Scary numbers...so, semi-drifting question: how long is an
> "acceptable" length of time to run a cracker before pronouncing that
> uncracked passwords are "reasonably strong and well-chosen"?
I usually run it for several hours, sometimes letting it choke
through the weekend. You can't tell them "reasonably strong or
well-chosen" after a pen-test, only "couldn't crack in X hours on
Y hardware with N/(X*3600) tests per second".
To tell them "reasonably strong", you should let it run for at
least X days where X is their password expiration time.
(It also depends on the quality of your wordlist/dictionary...)
--
Martin Mačok                   http://underground.cz/
martin.macok underground.cz    http://Xtrmntr.org/ORBman/