An Analysis and Comparison of Clustered Password Crackers

Password policies alone do not stand a chance of securing computer systems which rely on the use of secretbased, password authentication methods. The enforcement of “strong” passwords via pro-active password strengthening utilities and password cracking tools should be employed by system administrators to reduce the number of “weak” passwords in a computer system. With the availability of low-cost computer and networking hardware, clustered solutions for large computational tasks, such as password cracking, are no longer restricted to larger organisations. John the Ripper and Cisilia are two open-source password cracking programs which have the ability to run in a clustered environment. This paper intends to make a comparison of John the Ripper to Cisilia in a clustered environment utilising the OpenMosix and Beowulf styles of parallel computation. Unfortunately, due to problems with Cisilia an in-depth comparative analysis could not be performed, but the analysis of the John the Ripper results does highlight some issues in regards to clustered password cracking.