Google Authenticator surely is a cute thing. But my current solution isn’t really matching my taste: one token for every app which makes up a total of 20 token for my daily use – about 19 token too much if you’d ask me. A solution could be a Radius server, having all the users authenticated using a PAM […]
Looking at the current bugs and problems with passwords and authentification, everything is insecure – at least in theory. Believe me, as a sysadmin I have to say, “that sucks”. So I decided to choose “Plan G” which is the Google-Authenticator, a software token to extend our passwords by a new 6 digits number, pretty much like the […]
While cleaning up my mess here, I found an old Cisco device, an old 1600 series router which I wanted to inspect before considering to throw it away. After some network magic I found the old IP I used but didn’t get over the password prompt to sneak around in the configs. My mood dropped instantly as I […]
This is now the official end on cracking generated passwords here. After running for 77 days and 3 hours not even a single password was cracked. So this is the last status report: guesses: 0 time: 77:03:40:35 c/s: 971 trying: 055ud And that’s all folks. Hope you’ve enjoyed the experiment.
Fifty days have passed since John The Ripper started cracking on the password file. As you can see, not even one password was guessed by now: guesses: 0 time: 50:06:35:40 c/s: 972 trying: ns4k7y Regarding my password policy, which is changing my passwords every month, our attacker would have lost already. I’ll proceed with the cracking for a […]
You remember that I have tried to crack some random passwords using John The Ripper, don’t you? Well – if you don’t, here’s the according post. Fact is, that I’m as curious as you are about the results – that’s why I didn’t give up yet. So here are the results so far: guesses: 0 time: 30:22:54:46 c/s: […]