The meeting of the “Indian Libre User Group” was successfully held on October 28th 2012
Time: 2:00pm – 5.30pm
Venue: Internet Club, IInd Floor,
AMI Trust Building,Broadway Enclave,
2.30pm – 2.45pm
Customary Self Introduction. People shared their experience with Free Software
2.45pm – 4.30pm – Session by G.Venkit Subramanian
John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (eleven architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.
One of the modes John can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary), encrypting it in the same format as the password being examined (including both the encryption algorithm and key), and comparing the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John’s single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the encrypted hashes.
John also offers a brute force mode. In this type of attack, the program goes through all the possible plaintexts, hashing each one and comparing it to the input hash. John uses character frequency tables to try plaintexts containing more frequently used characters first. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it does take a long time to run.
4.30pm – 4.45pm
People were requested to handle small technical discussions for the next meeting.
Thanks to all the attendees for coming and they are requested to put their feedback on the mailing list so that we can improve future meetings
The next user meet is on 25th November 2012