If you're new to system administration, you're probably wondering how you can benefit from password crackers. Passwords crackers can help you identify weak passwords on your network.

Ideally, you should run a password cracker once a month. If your network supports several platforms, you might need a wide range of password-cracking utilities. Although password crackers such as John the Ripper can crack both Windows NT-based password files and UNIX-based ones, most password crackers are designed to crack only a single type of password.

To crack passwords, you need the following elements:

· Sufficient hardware (A Pentium-III based machine will do nicely)

· A password cracker (such as John the Ripper, Crack, L0phtCrack, and so on)

· A password file ( / etc / shadow, the NT SAM file, and so on)

Cracking passwords is a CPU- and memory-intensive task. It can take days, weeks, months, or even years depending on the strength of the password and the algorithms used. To crack passwords effectively, you need suitable hardware. The more powerful the hardware, the faster you will be able to crack even relatively strong passwords.

For cracking common password files, like those found on UNIX and Windows NT systems, I have found that to comfortably handle large password files, you should have the following resources:

· A 400Mhz Pentium II or better

· 64 MB of RAM or better

A single-processor Pentium-II based system dedicated to password cracking can chew through most NT SAM (password) files in under 48 hours. Dual-processor, Pentium-III–based systems (or higher) will work even faster.

There are techniques, however, for overcoming hardware restrictions. One is the parlor trick of distributed cracking. In distributed cracking, you run the cracking program simultaneously on separate processors. There are a few ways to do this. One is to break the password file into pieces and crack those pieces on separate machines. In this way, the job is distributed among a series of workstations, thus cutting resource drain and the time it takes to crack the entire file.

The problem with distributed cracking is that it makes a lot of noise. Remember the Randal Schwartz case? Mr. Schwartz probably would never have been discovered if he were not distributing the CPU load. Another system administrator noticed the heavy processor power being eaten. (He also noted that one process had been running for more than a day.) Distributed cracking really isn't viable for a cracker unless he is the administrator of a site or he has a net work at home (which is not so unusual these days; I have a network at home that consists of Windows 95, Windows NT, Linux, Sun, and Novell boxes).