Subject:
Re: Cracking OpenVMS passwords with John the Ripper
From:
jloup@gailly.OmitThisWord.net (Jean-loup Gailly)
Date:
Thu, 5 Dec 2002 07:43:21 +0000 (UTC)
Newsgroups:
comp.os.vms

I wrote:
  VMS executables for Vax and Alpha are available from my page
  http://gailly.net/security/

Brian Tillman replied, quoting the above sentence:


>> Could you make a self-contained VMS distribution so that one doesn't have to
>> load all those other tools (make, patch, etc.) before getting something
>> useful?


Hmm, I don't know how to say it more clearly than what I already said:
"VMS _executables_ for Vax and Alpha are available".  An executable is
something which is already compiled, so you don't need make, patch and
so on to compile it.  You do need unzip to extract the VMS
executables, and I have added a link to unzip
http://www.openvms.compaq.com/freeware/freeware50/info-zip/
but most free software for VMS is already distributed in zip format.

Make sure you get version 4 of the patch (there was a bug in unuaf version 3)
http://jl.gailly.net/security/john-1_6_32-vms-4.zip
Note that the VMS executables are much slower than the x86 executables
since they are not yet optimized in assembler. Vax and Alpha asm experts
are welcome to send me asm versions.

You also need a dictionary, which is not provided by John. You can get many
wordlists from ftp://ftp.ox.ac.uk/pub/wordlists/
You can start with a basic wordlist of 1 million words and John will
automatically generate variations on this. In one week on a single x86,
John can check about 100 billion (1011) words; it is not necessary
to put that many words on disk.

Anamika asks:


>> Have any passwords been actually cracked successfully ?


Email me your password and I will tell you whether John would have guessed it.

Jean-loup

PS: the last sentence was a joke, ok? The actual answer is, yes, there are
    unfortunately very few sites where John can't crack a single password.