On Monday, October 15, 2001 8:31 AM, Joshua Wright [mailto:Joshua.Wrightat_private] wrote: > Brute force with a dictionary attack would be your best option. The > type 5 password is based on the MD5 hash algorithm. You could create > a perl program with a CPAN module to calculate the hashes. One could. However, I think "John the Ripper" is a better approach. Its available at the usual places, and provides an effective brute force engine. Because the Cisco approach is based upon the BSD code, you can use the BSD password format -- feed john a file like jason:$1$6Je2$MurE4FTzoZjQShRW4Ui9H0:::::::: But realize this is a hard task. I get around 1400 crypts per second on this laptop -- so a conventional dictionary falls pretty quickly. But if the site has a sound password creation policy, you are not going to succeed with a brute force approach without some serious parallelization. --woody ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Oct 16 2001 - 15:15:14 PDT