A Day of Cracking (Page 1)
To simulate the threat of password exploitation in the real world, we have conducted a series to tests. Each is designed to recreate a real life scenario.
Test Setup (Page 2)
The multifunction password recovery program “Cain and Abel” was our tool. As it was one of a few freeware apps, that made it very attractive. Cain does a comprehensive job, able to launch all kinds of attacks from brute force, to dictionary attack to rainbow tables. It was installed on two fairly modern PCs.
Comp 1: Intel Pentium 4 2.8 ghz w/ Hyper-Threading Comp 2: AMD64 3800X2 (dual core)
Both feature fairly modern processors and have multitasking abilities
Test 1: Windows Password
We encoded the word “sponge” in NTLM hash, and launched brute force attacks with an alphanumeric character set. Intel: 1:01:347 AMD: 1:03:122
Both whizzed through very quickly, cracking at an average 5,600,000 combinations a second, coming up with the password in just over a minute.
Test 2: Web Account
Assuming one knows the login,