[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[opensuse-security] About "john"



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Out of curiosity, I installed john to see how it handled.

21335 ?        S      0:00 /bin/sh -c  test -x /usr/lib/secchk/security-control.sh && /usr/lib/secchk/security-control.sh weekly &
21340 ?        S      0:00  \_ /bin/sh /usr/lib/secchk/security-control.sh weekly
21345 ?        S      0:00      \_ /bin/sh /usr/lib/secchk/security-control.sh weekly
21346 ?        S      0:00          \_ /bin/sh /usr/lib/secchk/security-weekly.sh
22246 ?        RN   389:39              \_ john -rules -w:/var/lib/secchk/dict /var/lib/secchk/passwd.21346


As you see, it is slooooww... even days. I didn't even install 
"john-wordlists", the 41 MiB "huge word lists for John the Ripper (a fast 
password cracker)", as the rpm description goes. I expected it to be slow, 
but... why does it has to try to crack passwords that have not changed 
during the last week? Could the "security-weekly.sh" script be improved to 
detect changed passwords and only try those?

- -- 
Cheers,
       Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFF7BKxtTMYHG2NR9URAkOJAJsHtcZR107vc82Fh+upTUmex9a0rgCfTEUv
dTQwUC0jrH6cujcgf+e6ZfM=
=4OCV
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx