
Re: john is weird!



On Wed, Jan 16, 2002 at 02:13:25PM +0100, martin f krafft wrote:
> i installed john because i want to enforce strong passwords. i think
> that's a legit thing to do. however, i don't think john ever did
> anything. i get these messages *all the time* from all systems i have
> john on via cron.

Hmm... Maybe the message shouldn't be sent when no passwords were
broken.

> even though there are only 14 accounts on this particular one, i doubt
> that john checks all passwords with 0 guesses and in 1.59 seconds!
>

The test done in the cronjob is against a wordlist and information
gathered from passwd (IIRC). Maybe you could try using a better wordlist...
(This is particularly important for people outside English-speaking
countries! ;-)

John may also be used in "incremental mode", but that means it would try
to break passwords forever (because it never stops). This is not the
default for the cronjob.

> this is a vanilla install with the only modification being the line
>   passfile=/root/.john-passfile
> 
> in /etc/john-mail.conf, as instructed in the preceding comment.
> 
> what am i doing wrong? or is john just broken?

The first time I used it, 2 passwords were broken (out of 5!) -- one was
identical to the username, and the other was an English word followed by
numbers. Maybe your passwords are just good after all? Try setting an
account with an easy password and see if john breaks it. You may try
different "easy" ones if you want to check how hard john is trying to
break them!

J.

-- 
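An added example (not part of the original message, and not john's own code): a small Python check for the two kinds of password the reply says were broken, one identical to the username and one a dictionary word followed by numbers. The passwd lines, the wordlist and the function names are constructed for illustration, and the matching is a simplified approximation of a wordlist-plus-passwd test, not john's actual rules.

```python
import re

# Constructed sample data (not from the original thread).
SAMPLE_PASSWD = [
    "alice:x:1001:1001:Alice Example,,,:/home/alice:/bin/bash",
    "bob:x:1002:1002:Bob Builder,,,:/home/bob:/bin/bash",
]
# A tiny constructed wordlist; "passwort" stands in for a non-English entry,
# which an English-only list would miss.
SAMPLE_WORDLIST = {"monkey", "dragon", "sunshine", "passwort"}


def account_words(passwd_line):
    """Return lowercase tokens taken from the login name and GECOS field."""
    fields = passwd_line.split(":")
    login, gecos = fields[0], fields[4]
    tokens = {login.lower()}
    tokens.update(t.lower() for t in re.split(r"[^A-Za-z0-9]+", gecos) if t)
    return tokens


def weakness(passwd_line, password, wordlist):
    """Return a reason if the password is trivially guessable, else None."""
    pw = password.lower()
    # Strip leading/trailing digits and punctuation: "sunshine123" -> "sunshine".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw)
    personal = account_words(passwd_line)
    if pw in personal or pw[::-1] in personal:
        return "same as account information"
    if core and core in personal:
        return "account information plus digits"
    if pw in wordlist:
        return "dictionary word"
    if core and core in wordlist:
        return "dictionary word plus digits"
    return None


if __name__ == "__main__":
    alice, bob = SAMPLE_PASSWD
    for line, pw in [(alice, "alice"), (alice, "sunshine123"),
                     (bob, "bob2002"), (bob, "Passwort"), (bob, "tG7#qLw9zP")]:
        print(line.split(":")[0], repr(pw), "->",
              weakness(line, pw, SAMPLE_WORDLIST) or "not flagged")
```

A check like this can run when a password is set, so weak choices are rejected before a periodic audit has to find them.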


