From: "Aaron Peterson"
To: ecrist@adtechintegrated.com
cc: freebsd-questions@freebsd.org
Date: Thu, 18 Mar 2004 13:56:36 -0500 (EST)
Subject: Re: John The Ripper?
Message-ID: <63529.162.114.211.143.1079636196.squirrel@mail.alpete.com>
In-Reply-To: <200403181138.12378.ecrist@adtechintegrated.com>

> Does anyone know the best way to execute john the ripper against freebsd
> password files? I'm testing the strength of my own passwords and have never
> used this software for. The way it looks to me, I need to obtain a
> dictionary file, or pound on the keyboard to have john start guessing
> passwords.

You will need a merged (old style) password file to give john, and I believe there are some easy programs you can run as root to accomplish this (although I don't know their names offhand). What I mean is generally these days most unix-like systems have a password file without actual password hashes in it that is world readable, and a separate file/db containing the password hashes for each account that is only readable by root. They must be merged into one file for john to crack. Then I think it's as simple as typing 'john passwordfile' if you want brute force rather than dictionary.

Aaron
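
The merge step described in the message above, as an added example that is not part of the original post (John the Ripper's distribution also includes an `unshadow` helper for this job). The two file layouts are assumptions: a passwd-style file with a placeholder in field 2, and a root-only file with the user name in field 1 and the hash in field 2; the function name and all sample data are constructed.

```shell
#!/bin/sh
# Added example: rebuild an old-style merged password file for an audit
# of your own accounts. File layouts are assumptions (see lead-in).

# merge_passwd PASSWD HASHFILE
# Prints PASSWD with field 2 replaced by the matching hash from HASHFILE.
merge_passwd() {
    awk -F: -v OFS=: '
        /^#/ || NF < 2 { next }                      # skip comments and junk
        FILENAME == ARGV[1] { hash[$1] = $2; next }  # hash file: user -> hash
        ($1 in hash) { $2 = hash[$1] }               # passwd: swap placeholder
        { print }
    ' "$2" "$1"
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
demo() {
    umask 077                   # merged output holds hashes: owner-only
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Charlie Root:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
daemon:x:1:1:Daemon:/root:/usr/sbin/nologin
EOF
    cat > "$dir/hashes" <<'EOF'
# constructed, root-only file
root:$1$CONSTRUCTED$placeholderhash0000001:0:0::
alice:$1$CONSTRUCTED$placeholderhash0000002:0:0::
daemon:*:0:0::
EOF
    merge_passwd "$dir/passwd" "$dir/hashes" > "$dir/merged"
    cat "$dir/merged"
    rm -rf "$dir"               # do not leave a hash-bearing file behind
}

demo
```

Accounts with no entry in the hash file pass through unchanged, so a placeholder left in the output marks an account the merge did not cover.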