[sf-lug] John the Ripper

Rick Moen rick at linuxmafia.com
Fri Jan 25 02:55:59 PST 2008


Quoting Alex Kleider (a_kleider at yahoo.com):

> Sorry, Kristian, I spoke too soon:
> I thought that John the Ripper had installed BUT in fact
> it had not: "No candidate version found for John."
> It seems that John the Ripper is NOT in the Debian archives.
> What's your recommendation:
> 1. download it from openwall
> 2. use cracklib2
> 3. other...?

Question:  Given that shadow passwords have been ubiquitous since about
1993, when are you actually going to _find_ a readable password file to
run John the Ripper against?  I mean, it's a fine program, but you can
match entries in a file of encrypted passwords using dictionary attempts
only if you can _read_ the file of encrypted passwords, right?

I might be missing something, here.  (Really.  That's not cheap sarcasm.  ;->)

Quick article on shadow passwords:
http://en.wikipedia.org/wiki/Shadow_password

Note permission settings (and you can easily verify that this is true of
your own system, as well):

:r! ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow

-rw-r--r-- 1 root root    998 2007-07-20 13:41 /etc/group
-rw-r----- 1 root shadow  526 2007-07-20 13:41 /etc/gshadow
-rw-r--r-- 1 root root   1764 2006-06-05 14:35 /etc/passwd
-rw-r----- 1 root shadow 1352 2007-10-11 20:20 /etc/shadow

The two *shadow files are the only ones that contain hashed login
passwords on modern Unix-ey systems.  The /etc/passwd and /etc/group
files _used_ to; that was what made John the Ripper and its predecessors
so popular.  But they don't anymore.
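
[Added example, not part of the original message: a POSIX shell check of the
two properties described above, namely that field 2 of a passwd-format file
holds only placeholders and that the shadow-format file is not readable by
"other". The function names and sample files are constructed for illustration.]

```sh
#!/bin/sh
# Added example. Checks the two properties the message describes:
#   1. the passwd-format file holds only placeholders in field 2
#   2. the shadow-format file is not readable by "other"

# Print login names whose 2nd field is not a placeholder (x, * or !),
# i.e. the field holds a hash or is empty.
accounts_with_inline_hash() {
    awk -F: '!/^#/ && NF >= 7 && $2 != "x" && $2 != "*" && $2 != "!" { print $1 }' "$1"
}

# Exit 0 if the file grants read permission to "other" (POSIX find -perm).
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Usage: audit_shadow_setup PASSWD_FILE SHADOW_FILE
# Prints one FINDING line per problem; returns 1 if any were found.
audit_shadow_setup() {
    rc=0
    for user in $(accounts_with_inline_hash "$1"); do
        echo "FINDING: $1: account '$user' has a hash or empty password in field 2"
        rc=1
    done
    if is_world_readable "$2"; then
        echo "FINDING: $2 is world-readable"
        rc=1
    fi
    return "$rc"
}

# Constructed sample data (not from a real system): one pre-shadow style
# entry with a dummy string where a hash would sit, and a shadow file that
# has been given a too-permissive mode.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
legacy:CONSTRUCTEDHASH00:1001:1001:Old Style:/home/legacy:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
printf 'root:!:13797:0:99999:7:::\n' > "$demo_dir/shadow"
chmod 644 "$demo_dir/shadow"
audit_shadow_setup "$demo_dir/passwd" "$demo_dir/shadow" || echo "audit reported findings"
rm -rf "$demo_dir"
```

To check a real system, call audit_shadow_setup /etc/passwd /etc/shadow; it reads only the world-readable passwd file and the mode bits of the shadow file, so it does not need root.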





