June 16, 2004
June 09, 2004
Real Passwords
Forgot to mention this earlier, but I might get the opportunity to run my tests on some live password files (Windows SAM Files). My supervisor notified me of this a couple of weeks back, naturally the first question that came into my head was that of ethics clearance - but the assurance goes that because it's the University's property, and because i would almost be "contracted" out to do the work - it should be fine.
So this will be interesting indeed.
June 08, 2004
June 06, 2004
ASMCrack
ASMCrack - another one of those cracking utilities that slipped through my finger-tips.
<quote>
ASMCrack is a unix password security tool. It checks the password file by trying whether a given word matches an encrypted password that was within the password file. To do so it uses very speed optimized 386 assembly routines, with pentium alignment and command order optimisations. It consists of three program subversions, that use differently sized look-up tables. The speed of those versions depends on the hardware, especially on the RAM speed and the CPU cache's size.
</quote>
What's interesting about this program is it's (dumb/simple/clever) way of working on multiple computers - in fact - the same way that JTR-MPI (a peek inside jtr) works in an MPI environment.
First: Determine an approximate speed rating for each computer u want to use
asmcrack -test
Second: Create a file for each of the computers - and their rating
Computer0 : speed
Computer1 : speed
..
etc
Third: Run the program on each node with it's appropriate node-number
asmcrack -multi:config.file,0
..
Now, even though the author claims it's all optimised and that jazz, it is quite out-dated compared to JTR, so whether or not it would perform up to par is yet to be seen.