Audit passwords with a password-cracking tool
Takeaway: John the Ripper is a password-cracking tool that is faster and more sophisticated than earlier password-cracking software. Learn about some of the features of this handy tool.
Auditing passwords is a worthwhile venture, particularly in an environment that deals with sensitive information. Because systems store passwords in encrypted (hashed) form, you really can't properly judge the strength of a password unless you try to crack it.
We suggest using a password-cracking tool such as John the Ripper. This tool works extremely well because it can crack MD5 passwords, which most systems currently use. In addition, it's much faster and more sophisticated than earlier password-cracking software such as Crack.
Once you've installed the tool, either from RPM or by compiling a copy yourself, you can set it to work. Keep in mind that John the Ripper uses a fair amount of CPU, but it will only use idle CPU time. However, copying the /etc/shadow file to a nonessential machine and running the tool on that, rather than a production machine, wouldn't be a bad idea either.
If you need to stop John the Ripper, press [Ctrl]C. You can resume cracking passwords from where you left off by using the following:
$ john -restore
This tool comes with a fair-sized dictionary of common passwords, which it uses by default. However, you can download any dictionary you want to use instead of, or as a complement to, the existing dictionary. All you need to do is concatenate the default.lst file to the new dictionary.
In addition, it's a good idea to add words that are specific to your particular environment, including employee names, addresses, company name, etc.
To use a different dictionary than the default, use the following:
# john -wordfile:/tmp/dict.txt /etc/shadow
This runs John the Ripper against the passwords in /etc/shadow using the dictionary /tmp/dict.txt.
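The wordlist steps above as a script, added here as an example and not part of the original article: it merges the default list, a downloaded dictionary and site-specific words into one deduplicated file. The function name build_wordlist and every file name in the demo are assumptions, and the sample words are constructed.

```shell
#!/bin/sh
# build_wordlist OUT IN1 [IN2 ...]   (hypothetical helper, not part of John)
# Merges the input lists into OUT: strips DOS line endings, drops blank
# lines, and removes duplicates while keeping the first occurrence of each
# word. Prints the number of words written.
build_wordlist() {
    out=$1
    [ "$#" -ge 2 ] || { echo "usage: build_wordlist OUT IN..." >&2; return 2; }
    shift
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done
    # The merged list may hold employee names and similar site data, so
    # create it readable by its owner only.
    (
        umask 077
        # awk reads each file as its own record stream, so a final line
        # without a newline is not glued to the next file's first word.
        awk '{ sub(/\r$/, "") } NF && !seen[$0]++' "$@" > "$out"
    ) || return 1
    chmod 600 "$out"
    wc -l < "$out" | tr -d ' '
}

# Constructed sample input so the example runs offline.
demo_dir=$(mktemp -d)
printf 'password\n123456\nletmein\n' > "$demo_dir/default.lst"
printf 'letmein\r\n\r\ndragon\r\n'   > "$demo_dir/downloaded.txt"
printf 'Acme Corp\nacme\njsmith'     > "$demo_dir/site-words.txt"
build_wordlist "$demo_dir/dict.txt" "$demo_dir/default.lst" \
    "$demo_dir/downloaded.txt" "$demo_dir/site-words.txt"
rm -rf "$demo_dir"
```

Point the -wordfile: option at the merged file, and keep it on the same nonessential machine as the copy of the shadow file.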
To download the John the Ripper password cracker, visit the Openwall Project Web site.

