[plug] Apache & htpasswd

Brian Tombleson brian at paradigmit.com.au
Mon May 21 12:29:51 WST 2001


From: "Matt Kemner" <zombie at wasp.net.au>
> On Mon, 21 May 2001, Christian wrote:
>
> > Your only hope of reversing them would be mounting a
> > brute force dictionary attack which would likely be successful against a
> > good percentage of them but would take some time against 1400 passwords
> > and you would never get 100%.
>
> Give it a crack[1] anyway, I'd say there's a chance you'll get a very
> large number of them very quickly - because many people choose simple
> passwords when given the choice, and if you get 90% of them, then that
> means there's only 140 people you need to contact about the new password
> you've generated them.
>
> Shouldn't take _too_ long on a recent machine anyway.
>
> I suggest grabbing "john the ripper" and trying that in single mode first
> (which should only take a few minutes) and then dictionary mode with a
> largeish dictionary (which I can supply if you want)
>
> It might not bring you the results, but it's worth a try, I would think.
>
>  - Matt
>
> [1] Pun intended

Yes, but I don't have the hash algorithm used to generate the passwords in
the file.  They are using some customized method instituted by the original
hosters.  Won't crack only try the 'normal' algorithm - [DES | MD5 | SHA]?





