On Sat, Mar 8, 2014 at 1:46 AM, Klaus Muth <m...@hagos.de> wrote: > Quick update. > > Since I was really interested in password security of OpenOffice, Vanessa had > not much trouble to talk me into giving it a try. So I compiled an MPI > version of john and started it on my i7-2600 4-core 3.4GHz on 7 CPUs, John > chose to use the AVX extension (no fancy graphic card - so no NUMA or CUDA) > > I had some infos (language + max pw length) from Vanessa. > > It took a total of 77h of CPU time in incremental mode (no hit in single shot > and dictionary mode) to get a 7 character all lower case password with this > setup. >
Thanks for the reminder of the importance of picking high-quality passwords of sufficient length. There is a reason why online services like banks, Amazon, etc., require complex passwords. Short, simple ones easily fall to brute-force attacks. Do you have a sense for what your average rate was, passwords/second, with your configuration? This pages gives a rough estimate of how long it takes to crack a password, depending on its complexity and length: http://www.lockdown.co.uk/?pg=combi As you can see, moving from a short alphabetic password to 8 character-long of mixed upper/lower/number/symbol is the difference between a password that can be cracked in minutes versus millenia. Of course, quantum computers could someday change that all... Regards, -Rob > I was able to send back an unencrypted 433 pages book. > > No, I'm not that interested - I won't do that a second time. I provided all > information needed to do it yourself. > > Am 06.03.2014 15:02, schrieb Klaus Muth: >> Ok. Tried out. You need: >> 1. Encrypted OpenDocumentFormat File (i.e. your book) >> 2. John The Ripper from http://www.openwall.com/john/, I used >> http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.bz2 >> 3. A Linux System (There is a Windows binary too) >> >> - Now Download john, then untar it: >> tar xvfj john-1.7.9-jumbo-7.tar.bz2 >> - compile it >> cd john-1.7.9-jumbo-7/src >> make clean linux-x86-64-native >> - test it >> cd ../run >> ./john --test >> - get password hash: >> ./odf2john.py MyImportantCrypted.odt > passwd >> - crack password hash >> ./john passwd >> >> In my example it took john 17 seconds to realize that my password was >> actually 123456 - which is of course the most commonly used password ever and >> so one of the first tested options: >> >> ./john passwd >> Loaded 1 password hash (ODF SHA-1 Blowfish [32/64]) >> 123456 (MyImportantCrypted.odt) >> guesses: 1 time: 0:00:00:17 DONE (Thu Mar 6 14:43:10 2014) c/s: 1132 >> trying: 123456 >> >> You might need some kind of Computer Nerd and some fast hardware to crack >> your ODF Password, but that might be easy to get compared to writing your >> book again. >> >> Using passwords on the only original of a file is generally a bad idea - you >> use them to secure a copy you want to send by mail or on a stick. >> >> >> Am 06.03.2014 13:11, schrieb Vanessa Silva: >>> Hello, >>> >>> >>> i’ve written a book, took me over 200 hours, saved it with open Office >>> writer and made a Password for it. Then i didn’t use the document in a >>> while and now i forgot the Password. Please help me, i Need my book back! >>> Can i send you the document per E-Mail? can you erase dthe Password? >>> Please, i beg you. I Need it! >>> >>> >>> I’ll wait for your answer. >>> >>> >>> Vanessa Silva >>> >>> >>> >>> >>> >>> >>> Gesendet von Windows Mail >>> >> >> >> Freundliche Grüße >> > > > Freundliche Grüße > -- > Klaus Muth > HAGOS eG Industriestr. 62 fon: (+49) 711 78805-7086 > EDV-Programmierung 70565 Stuttgart fax: (+49) 711 78805-957035 > http://www.hagos.de Germany mailto:m...@hagos.de > > HAGOS Verbund deutscher Kachelofen- und Luftheizungsbauerbetriebe eG > Sitz: Stuttgart > Rechtsform: Genossenschaft > Registergericht: Stuttgart GnR 77 > Vorstände: Guido Eichel, Ralf Tigges > Aufsichtsratsvorsitzender: Thomas Müller > USt.-ID-Nr.: DE 147799748 > > ------------------------------------------- > List Conduct Guidelines: http://openoffice.apache.org/list-conduct.html > To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org > For additional commands, e-mail: users-h...@openoffice.apache.org > ------------------------------------------- List Conduct Guidelines: http://openoffice.apache.org/list-conduct.html To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
