I never thought I'd say this, but Cain & Abel is actually much better than John the Ripper for auditing large password sets. It took those 300,000 passwords and was ripping through them like a champ. Even though the rule selection is poor and it doesn't support the ability to perform targeted brute force attacks, it's at least letting me prune down the list so I can crack the hard passwords using John.
Also, I've been trying our custom password cracking program (more on that later) on subsets of the list and it's doing amazingly well. Unfortunately, I use John the Ripper as the backend to handle all the hashing and checking (what can I say, I didn't feel like reinventing the wheel), so it has issues with trying to audit the whole list.