Find the answer to your Linux question:
Results 1 to 3 of 3
Hi - I've been using John the Ripper to test the security of my passwords (both user and root) and so far so good ... it's been running for just ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Guru fingal's Avatar
    Join Date
    Jul 2003
    Location
    Birmingham - UK
    Posts
    1,539

    Testing password security


    Hi - I've been using John the Ripper to test the security of my passwords (both user and root) and so far so good ... it's been running for just under 24 hours and it hasn't cracked them.

    Does anyone know how long the software might take - on average - to figure out a root or user password? I suppose this is like asking, 'How long is a piece of string?' but for example, if it took just a couple of days should I change my passwords?

    I'm not really worried about password security at this point, just curious. The programme is easy to use, and I'm pleased it hasn't found my passwords ... but I wondered if anyone had some experience using John the Ripper.
    I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso

  2. #2
    Just Joined!
    Join Date
    Apr 2007
    Posts
    47
    I launch John the Ripper before sleeping. If it couldnt crack the password when I wake up, I stop it and use this password.

    I increase security using passwords with letters, numbers and special characters inside, and having edited the /etc/sudoers file. I have added the line:

    Defaults:ALL timestamp_timeout=0
    So the password is required everytime I need administrative rights and a malware couldnt use it even if you just opened an application with admin rights. Admin rights will be required again. I dont know if this is applicable in your distro.

    PS John the ripper doesnt recognize all algorithms and I cannot use it with PGP.

  3. #3
    Linux Guru fingal's Avatar
    Join Date
    Jul 2003
    Location
    Birmingham - UK
    Posts
    1,539
    Thanks, that's useful. I'll let John the Ripper run for a few more hours then stop it. It's quite CPU intensive. For example:
    Code:
    PID USER     PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    19932 fingal   25   0  7196 5848  540 R 85.8  2.3   1064:20 john
    I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •