[opensuse-security] About "john"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Out of curiosity, I installed john to see how it handled. 21335 ? S 0:00 /bin/sh -c test -x /usr/lib/secchk/security-control.sh && /usr/lib/secchk/security-control.sh weekly & 21340 ? S 0:00 \_ /bin/sh /usr/lib/secchk/security-control.sh weekly 21345 ? S 0:00 \_ /bin/sh /usr/lib/secchk/security-control.sh weekly 21346 ? S 0:00 \_ /bin/sh /usr/lib/secchk/security-weekly.sh 22246 ? RN 389:39 \_ john -rules -w:/var/lib/secchk/dict /var/lib/secchk/passwd.21346 As you see, it is slooooww... even days. I didn't even install "john-wordlists", the 41 MiB "huge word lists for John the Ripper (a fast password cracker)", as the rpm description goes. I expected it to be slow, but... why does it has to try to crack passwords that have not changed during the last week? Could the "security-weekly.sh" script be improved to detect changed passwords and only try those? - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF7BKxtTMYHG2NR9URAkOJAJsHtcZR107vc82Fh+upTUmex9a0rgCfTEUv dTQwUC0jrH6cujcgf+e6ZfM= =4OCV -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
The word on the street about 1.7 is it is "significantly SLOWER" than 1.6 For example I have two passwords it is attempting to crack and it has been running almost 2 weeks! John S. Gaythorpe - CISSP Director Systems Services Dartmouth College -----Original Message----- From: Carlos E. R. [mailto:robin.listas@telefonica.net] Sent: Monday, March 05, 2007 07:53 To: OS-sec Subject: [opensuse-security] About "john" As you see, it is slooooww... even days. I didn't even install "john-wordlists", the 41 MiB "huge word lists for John the Ripper (a fast password cracker)", as the rpm description goes. I expected it to be slow, but... why does it has to try to crack passwords that have not changed during the last week? Could the "security-weekly.sh" script be improved to detect changed passwords and only try those? - -- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (2)
-
Carlos E. R.
-
jsg@metrocast.net