-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Out of curiosity, I installed john to see how it handled.
21335 ? S 0:00 /bin/sh -c test -x /usr/lib/secchk/security-control.sh && /usr/lib/secchk/security-control.sh weekly & 21340 ? S 0:00 _ /bin/sh /usr/lib/secchk/security-control.sh weekly 21345 ? S 0:00 _ /bin/sh /usr/lib/secchk/security-control.sh weekly 21346 ? S 0:00 _ /bin/sh /usr/lib/secchk/security-weekly.sh 22246 ? RN 389:39 _ john -rules -w:/var/lib/secchk/dict /var/lib/secchk/passwd.21346
As you see, it is slooooww... even days. I didn't even install "john-wordlists", the 41 MiB "huge word lists for John the Ripper (a fast password cracker)", as the rpm description goes. I expected it to be slow, but... why does it has to try to crack passwords that have not changed during the last week? Could the "security-weekly.sh" script be improved to detect changed passwords and only try those?
- -- Cheers, Carlos Robinson
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
The word on the street about 1.7 is it is "significantly SLOWER" than 1.6
For example I have two passwords it is attempting to crack and it has been running almost 2 weeks!
John S. Gaythorpe - CISSP Director Systems Services Dartmouth College
-----Original Message----- From: Carlos E. R. [mailto:robin.listas@telefonica.net] Sent: Monday, March 05, 2007 07:53 To: OS-sec Subject: [opensuse-security] About "john"
As you see, it is slooooww... even days. I didn't even install "john-wordlists", the 41 MiB "huge word lists for John the Ripper (a fast password cracker)", as the rpm description goes. I expected it to be slow, but... why does it has to try to crack passwords that have not changed during the last week? Could the "security-weekly.sh" script be improved to detect changed passwords and only try those?
- --
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-
Carlos E. R. -
jsg@metrocast.net