[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Shasow passwords] encryption methods




----- Original Message -----
From: Omer <omere@tc-iris.tau.ac.il>
To: ILUG mailing list <linux-il@cs.huji.ac.il>
Cc: Yoni Elhanani <biggo@netvision.net.il>
Sent: Thursday, April 01, 1999 11:38 AM
Subject: Re: [newbie] Shasow passwords on rhl5.2


> [a brief password shadow how-to deleted]
> since RH uses PAM (just like Solaris), you can easily change
> the encryption to something else than DES (like MD5), and that
> would pretty much kill the possibility of using John/Jack/Crack/whatever.

Since Omer brought it up, here's what John the ripper has to say about the
time it takes to break the various encryption methods.

Note that standard DES is relatively weak (it's only better than NT's
encryption, but if you want to break you'll do much better with l0phtcrack)

The benchmark was done on a Pentium Pro 150 w/ 64 MB RAM, running John the
ripper v. 1.6 as a *background* task on a Windows 2000 professional (this is
a good indication on running a cracking application as a background process
or as a screen saver):

Benchmarking: Standard DES [24/32 4K]... DONE
Many salts:     16594 c/s
Only one salt:  15603 c/s

Benchmarking: BSDI DES (x725) [24/32 4K]... DONE
Many salts:     534 c/s
Only one salt:  474 c/s

Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw:    367 c/s

Benchmarking: OpenBSD Blowfish (x32) [32/32]... DONE
Raw:    21.7 c/s

Benchmarking: Kerberos AFS DES [24/32 4K]... DONE
Short:  15314 c/s
Long:   37412 c/s

Benchmarking: NT LM DES [24/32 4K]... DONE
Raw:    107495 c/s


-------------------------
Aviram Jenik

"Addicted to Chaos"

-------------------------
Today's quote:
What a waste it is to lose one's mind or not to have a mind.
How true it is.
                         - J. Danforth Quayle, addressing the United Negro
                              College Fund, quoted in "Time", 26 June 1989