Subject: Re: Cracking OpenVMS passwords with John the Ripper From: jloup@gailly.OmitThisWord.net (Jean-loup Gailly) Date: Thu, 5 Dec 2002 07:43:21 +0000 (UTC) Newsgroups: comp.os.vms I wrote: VMS executables for Vax and Alpha are available from my page http://gailly.net/security/ Brian Tillman replied, quoting the above sentence: >> Could you make a self-contained VMS distribution so that one doesn't have to >> load all those other tools (make, patch, etc.) before getting something >> useful? Hmm, I don't know how to say it more clearly than what I already said: "VMS _executables_ for Vax and Alpha are available". An executable is something which is already compiled, so you don't need make, patch and so on to compile it. You do need unzip to extract the VMS executables, and I have added a link to unzip http://www.openvms.compaq.com/freeware/freeware50/info-zip/ but most free software for VMS is already distributed in zip format. Make sure you get version 4 of the patch (there was a bug in unuaf version 3) http://jl.gailly.net/security/john-1_6_32-vms-4.zip Note that the VMS executables are much slower than the x86 executables since they are not yet optimized in assembler. Vax and Alpha asm experts are welcome to send me asm versions. You also need a dictionary, which is not provided by John. You can get many wordlists from ftp://ftp.ox.ac.uk/pub/wordlists/ You can start with a basic wordlist of 1 million words and John will automatically generate variations on this. In one week on a single x86, John can check about 100 billion (1011) words; it is not necessary to put that many words on disk. Anamika asks: >> Have any passwords been actually cracked successfully ? Email me your password and I will tell you whether John would have guessed it. Jean-loup PS: the last sentence was a joke, ok? The actual answer is, yes, there are unfortunately very few sites where John can't crack a single password.