[plug] john the ripper
W.Kenworthy
billk at iinet.net.au
Wed Jul 6 13:17:06 WST 2005
I didnt get a reply to this so isnt anyone using john? If not john,
what do people use to audit their systems?
Perhaps people think I'm on a hacking attempt but I was recently scanned
by one of those scripts that try a dictionary attack on ssh passwords -
it was few hundred entries in when I blackholed them, but now I want to
know how strong my passwords really are. I would have thought that
auditing a system with public access in this fashion is a normal
procedure to avoid exposure - or is my knowledge of security and
responsibility that far out of date?
Google is not a lot of help here ranging from "JtR is a fast cracker" to
"forever" so I am after "whats a reasonable time"
BillK
On Wed, 2005-07-06 at 07:21 +0800, William Kenworthy wrote:
> HI, I am running john the ripper on a shadow file with 6 passwords and I
> am up to 11 1/2 days using an athlon 2500+
>
> 1. how long could I expect it to take until finish?
> 2. if its an infinite/near infinite time, how long is considered
> adequate?
>
> BillK
>
More information about the plug
mailing list