Re: Password policy.

To: debian-user@lists.debian.org
Subject: Re: Password policy.
From: Reco <recoverym4n@enotuniq.net>
Date: Wed, 14 Nov 2018 07:35:02 +0300
Message-id: <[🔎] E1gMmtL-0004QV-3q@enotuniq.net>
In-reply-to: <[🔎] 201811131647.39566.gheskett@shentel.net>
References: <[🔎] E1gMbT7-0001Ge-TB@dalton.invalid> <[🔎] 201811131249.17535.gheskett@shentel.net> <[🔎] E1gMdwd-0003mN-U9@enotuniq.net> <[🔎] 201811131647.39566.gheskett@shentel.net>

	Hi.

On Tue, Nov 13, 2018 at 04:47:39PM -0500, Gene Heskett wrote:
> On Tuesday 13 November 2018 14:01:51 Reco wrote:
> 
> > On Tue, Nov 13, 2018 at 12:49:17PM -0500, Gene Heskett wrote:
> > > On Tuesday 13 November 2018 11:23:13 peter@easthope.ca wrote:
> > > > Hi,
> > > >
> > > > https://www.debian.org/doc/manuals/debian-reference/ch04.en.html#_
> > > >good _password specifies "6 to 8 characters".  Is that adequate
> > > > against currently available brute force?
> > > >
> > > > Thanks,                                  ... Peter E.
> > >
> > > "John the ripper" can find a 6 char word in a couple seconds on a
> > > slow machine.
> >
> > Against sha512? Or against old Unix crypt? There's a difference, and
> > it's measured in orders of magnitude, not times.
> >
> > Reco
> 
> I don't recall as it been a decade or more since I saw that article

So it's either crypt or md5. Debian moved away from both long time ago.
John's too slow for today's hashes as it only utilizes CPU.
If you really need to bruteforce that password you use hashcat - GPU
based.

Reco

Reply to:

References:
- Password policy.
  - From: peter@easthope.ca
- Re: Password policy.
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Password policy.
  - From: Reco <recoverym4n@enotuniq.net>
- Re: Password policy.
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: Password policy.
Next by Date: Re: Re (2): Password policy.
Previous by thread: Re: Password policy.
Next by thread: Re: Password policy.
Index(es):
- Date
- Thread