[sf-lug] John the Ripper
rick at linuxmafia.com
Fri Jan 25 02:55:59 PST 2008
Quoting Alex Kleider (a_kleider at yahoo.com):
> Sorry, Kristian, I spoke too soon:
> I thought that John the Ripper had installed BUT infact
> it had not: "No candidate version found for John."
> It seems that John the Ripper is NOT in the debian archives.
> What's your recommendation:
> 1. download it from openwall
> 2. use cracklib2
> 3. other...?
Question: Given that shadow passwords have been ubiquitous since about
1993, when are you actually going to _find_ a readable password file to
run John the Ripper against? I mean, it's a fine program, but you can
match entries in a file of encrypted passwords using dictionary attempts
only if you can _read_ the file of encrypted passwords, right?
I might be missing something, here. (Really. That's not cheap sarcasm. ;->)
Quick article on shadow passwords:
Note permission settings (and you can easily verify that this is true of
your own system, as well):
:r! ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root 998 2007-07-20 13:41 /etc/group
-rw-r----- 1 root shadow 526 2007-07-20 13:41 /etc/gshadow
-rw-r--r-- 1 root root 1764 2006-06-05 14:35 /etc/passwd
-rw-r----- 1 root shadow 1352 2007-10-11 20:20 /etc/shadow
The two *shadow files are the only ones that contain hashed login
passwords on modern Unix-ey systems. The /etc/passwd and /etc/group
files _used_ to; that was what made John the Ripper and its predecessors
so popular. But they don't anymore.
More information about the sf-lug