Hi chumby,
Thanks for the feedback (I'm enjoying this too).
I agree about keeping the passwords the same length. I've done a bit of research into JtR and it seems it works best when passwords are no more than 8 characters long, so would recommend that limit. Perhaps easy is all lower case alpha characters (no numbers), medium is all alphanumeric characters (upper and lower case letters and numbers), and hard is all characters (including @, !, etc...). Would also recommend that the 8 character limit is fixed (no shorter passwords), as I do worry that otherwise the task will be too hard to complete multiple times as a demo. Fixing the rules in this way will make the password lists easier to specify as well.
I still think it is necessary to do some benchmarking to confirm the Parallella will perform in a suitable length of time. You will already have a shadow file ready to use (unless your sudo password is too long). Let's look at wordlists then run a benchmark.
Would recommend this Ars Technica article as a good introduction to this field (worth noting how much of a difference the rockyou wordlist makes):
http://arstechnica.com/security/2013/03 ... d-cracker/Next, need to create a wordlist for our initial test. This article describes three tools for this, CRUNCH + a hashing tool will do this trick for the initial test (don't know how big the resulting file will be, worth generating on your main PC):
http://kaoticcreations.blogspot.com/201 ... h.html?m=1I'll keep working on refining the Python stuff.
by chumby » Thu Aug 07, 2014 2:30 am 