Re: password cracking question

From: Unruh (unruh-spam_at_physics.ubc.ca)
Date: 07/18/05


Date: 18 Jul 2005 17:53:58 GMT

Proteus <nospam@nowhere.net> writes:

>Unruh wrote:
>..
>> He might have found a backup tape lying around for example. He might have
>> booted into the machine in single user and gotten the file.
>> One of the reasons that Linux went over to shadow passwords was that
>> programs like yours were becoming popular.

>So for my purposes, the main (good) use of a password cracking program is to
>test whether my users' (and mine, i.e. root) passwords are strong, right?
>(that is my intended purpose). And how long do I let the password cracking
>program run before I assume my passwords are strong-- I mean one could in
>theory let the cracking program run for days or weeks. When is enough
>enough, when is a password considered strong enough (and how do I know if a
>password I create is strong enough to thwart crackers?)?

The program, AFAIK, will finally quit.
However, for root or for yourself you should KNOW if your password is good
enough. It is silly to use the cracker program to test a password you know.

You can look up what algorithm the cracker uses. It is
primarily dictionary based. I.e. it checks if the word is in a dictionary,
etc. In theory the cryptlib module in pam which checks the passwords when
you enter them should use the same type of program that the cracker does to
check the password when entered. Unfortunately Alec Muffett's idea of what
is a weak password and mine differ.
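
The entry-time dictionary check described in the reply above, as an added example that is not part of the original post and is not the actual rule set of the PAM module or of any cracking program. The wordlist, the mangling rules and the names `WORDLIST`, `candidates` and `check_password` are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"password", "dragon", "monkey", "letmein", "proteus", "physics"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(password):
    """Yield base words that simple mangling rules would map this password back to."""
    lowered = password.lower()
    # Drop digits/punctuation that users prepend or append to a word.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    for form in {lowered, stripped}:
        for variant in {form, form.translate(LEET)}:
            yield variant
            yield variant[::-1]  # reversed word
            half = len(variant) // 2
            # Doubled word, e.g. "monkeymonkey".
            if half and len(variant) % 2 == 0 and variant[:half] == variant[half:]:
                yield variant[:half]


def check_password(password, username="", wordlist=WORDLIST, min_len=10):
    """Return None if the password passes, otherwise the reason it is rejected."""
    if len(password) < min_len:
        return "too short"
    words = set(wordlist)
    if username:
        words.add(username.lower())  # the account name is always a guessable word
    for cand in candidates(password):
        if cand in words:
            return "based on dictionary word '%s'" % cand
    return None


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["P@ssw0rd123", "suetorp2005", "monkeymonkey",
               "correct horse battery staple"]:
        print(repr(pw), "->", check_password(pw) or "ok")
```

Because the check runs when the password is chosen, the plaintext is available and no hash has to be attacked, which is why it can apply the same dictionary rules at negligible cost.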


