Re: John the Ripper
On Sun, Sep 27, 2009 at 09:53:54AM -0700, Kelly Clowers wrote: On Sat, Sep 26, 2009 at 22:45, Mike McClain mike.j...@nethere.com wrote: Admittedly the password is non-trivial being 13 characters, mixed upper and lower case, numbers and punctuation With a password like that, I don't think there is much chance of it finishing in your lifetime (unless you upgrade to a quantum processor at some point). Kelly Clowers Thanks, Kelly. Mike -- Satisfied user of Linux since 1997. O ascii ribbon campaign - stop html mail - www.asciiribbon.org -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: John the Ripper
On Sat, Sep 26, 2009 at 10:45:18PM -0700, Mike McClain wrote: I've had John running since Jan '08 and it's yet to break my password. Admittedly the password is non-trivial being 13 characters, mixed upper and lower case, numbers and punctuation but I keep expecting John to send me a note saying it's been cracked since John runs six hours each night and my computer is on at night more often than not. Is there some further configuration necessary to John installed with apt-get before it will crack normal Debian passwords? BTW, this is a mostly stock Etch system. I think it's time to upgrade your system to Lenny and try tho new and improved (??) version from there :-) (Ahem, stable, testing and unstable all carry 1.7.2-3 . But that's not an excuse not to upgrade. Right?) -- Tzafrir Cohen | tzaf...@jabber.org | VIM is http://tzafrir.org.il || a Mutt's tzaf...@cohens.org.il || best ICQ# 16849754 || friend -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: John the Ripper
Hi, On Sat, 2009-09-26 at 22:45 -0700, Mike McClain wrote: I've had John running since Jan '08 and it's yet to break my password. Admittedly the password is non-trivial being 13 characters, mixed upper and lower case, numbers and punctuation but I keep expecting John to send me a note saying it's been cracked since John runs six hours each night and my computer is on at night more often than not. Is there some further configuration necessary to John installed with apt-get before it will crack normal Debian passwords? BTW, this is a mostly stock Etch system. See How long should I expect John to run? in/usr/share/doc/john/FAQ.gz Regards, Franklin -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: John the Ripper
On Sat, Sep 26, 2009 at 22:45, Mike McClain mike.j...@nethere.com wrote: I've had John running since Jan '08 and it's yet to break my password. Admittedly the password is non-trivial being 13 characters, mixed upper and lower case, numbers and punctuation but I keep expecting John to send me a note saying it's been cracked since John runs six hours each night and my computer is on at night more often than not. Is there some further configuration necessary to John installed with apt-get before it will crack normal Debian passwords? BTW, this is a mostly stock Etch system. With a password like that, I don't think there is much chance of it finishing in your lifetime (unless you upgrade to a quantum processor at some point). Cheers, Kelly Clowers -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: John the Ripper
On Sat, Sep 26, 2009 at 10:45:18PM -0700, Mike McClain wrote: I've had John running since Jan '08 and it's yet to break my password. Admittedly the password is non-trivial being 13 characters, mixed upper and lower case, numbers and punctuation but I keep expecting John to send me a note saying it's been cracked since John runs six hours each night and my computer is on at night more often than not. Is there some further configuration necessary to John installed with apt-get before it will crack normal Debian passwords? BTW, this is a mostly stock Etch system. The John the Ripper mailing list may be more helpful. -- Chris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: john the ripper
Baixa o tarball dele aqui http://www.openwall.com/john/ e compila, fim de papo On 07/11/2007, Felipe Augusto van de Wiel (faw) [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06-11-2007 23:44, Franz Gustav Niederheitmann wrote: Em Ter, 2007-11-06 às 22:35 -0200, Leandro de Araujo Julio escreveu: Na verdade eu estava procurando é para o etch, pq será que não tem? se tem para as outras. etch = stable talvez naum seja considerado um pacote estavel... Exato. [1]Removido em novembro de 2006 da testing (na época era etch) por conter bugs que não poderiam estar numa versão estável do Debian, o pacote ainda contém alguns problemas e parece estar relativamente órfão. 1. http://packages.qa.debian.org/j/john/news/20061104T233920Z.html tentou os backports ou o apt-get.org? É bem provável que a versão atual funcione no etch, mas é melhor você verificar os bugs dele para saber o que pode acontecer ao instalá-lo e usá-lo. Abraço, - -- Felipe Augusto van de Wiel (faw) Debian. Freedom to code. Code to freedom! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHMSIxCjAO0JDlykYRAhpjAJ9HfKYXYJ21eKXxLqWQF38b7N6EjgCfQx3/ lCejLmDzJGSoTNK4gZcr3KQ= =2UfU -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: john the ripper
Na verdade eu estava procurando é para o etch, pq será que não tem? se tem para as outras. Em Seg, 2007-11-05 às 10:43 -0200, Maxwillian Miorim escreveu: On 11/4/07, Leandro de Araujo Julio [EMAIL PROTECTED] wrote: Alguém sabe me dizer se tem o john the ripper em algum repositório Debian, fiz uma busca mas o máximo que achei foi um para o woody. -- In a World without Walls and Fences, who needs Windows and Gates? - Think different. -Think Linux. Quanto a Lenny eu não sei mas tem na Sarge, SID e Experimental: http://packages.debian.org/john Qualquer coisa pega em http://www.openwall.com/john/ ;) -- In a World without Walls and Fences, who needs Windows and Gates? - Think different. -Think Linux. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: john the ripper
Em Ter, 2007-11-06 às 22:35 -0200, Leandro de Araujo Julio escreveu: Na verdade eu estava procurando é para o etch, pq será que não tem? se tem para as outras. etch = stable talvez naum seja considerado um pacote estavel... tentou os backports ou o apt-get.org? Em Seg, 2007-11-05 às 10:43 -0200, Maxwillian Miorim escreveu: On 11/4/07, Leandro de Araujo Julio [EMAIL PROTECTED] wrote: Alguém sabe me dizer se tem o john the ripper em algum repositório Debian, fiz uma busca mas o máximo que achei foi um para o woody. -- In a World without Walls and Fences, who needs Windows and Gates? - Think different. -Think Linux. Quanto a Lenny eu não sei mas tem na Sarge, SID e Experimental: http://packages.debian.org/john Qualquer coisa pega em http://www.openwall.com/john/ ;) -- In a World without Walls and Fences, who needs Windows and Gates? - Think different. -Think Linux. -- Franz Gustav Niederheitmann [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: john the ripper
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06-11-2007 23:44, Franz Gustav Niederheitmann wrote: Em Ter, 2007-11-06 às 22:35 -0200, Leandro de Araujo Julio escreveu: Na verdade eu estava procurando é para o etch, pq será que não tem? se tem para as outras. etch = stable talvez naum seja considerado um pacote estavel... Exato. [1]Removido em novembro de 2006 da testing (na época era etch) por conter bugs que não poderiam estar numa versão estável do Debian, o pacote ainda contém alguns problemas e parece estar relativamente órfão. 1. http://packages.qa.debian.org/j/john/news/20061104T233920Z.html tentou os backports ou o apt-get.org? É bem provável que a versão atual funcione no etch, mas é melhor você verificar os bugs dele para saber o que pode acontecer ao instalá-lo e usá-lo. Abraço, - -- Felipe Augusto van de Wiel (faw) Debian. Freedom to code. Code to freedom! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHMSIxCjAO0JDlykYRAhpjAJ9HfKYXYJ21eKXxLqWQF38b7N6EjgCfQx3/ lCejLmDzJGSoTNK4gZcr3KQ= =2UfU -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: john the ripper
On 11/4/07, Leandro de Araujo Julio [EMAIL PROTECTED] wrote: Alguém sabe me dizer se tem o john the ripper em algum repositório Debian, fiz uma busca mas o máximo que achei foi um para o woody. -- In a World without Walls and Fences, who needs Windows and Gates? - Think different. -Think Linux. Quanto a Lenny eu não sei mas tem na Sarge, SID e Experimental: http://packages.debian.org/john Qualquer coisa pega em http://www.openwall.com/john/ ;) -- Max
Re: John the Ripper in Etch?
On Sun, Dec 31, 2006 at 12:57:26AM +0100, Matus UHLAR - fantomas wrote: On Wed, 2006-12-27 at 02:22 -0500, Greg Folkert wrote: PLEASE OH PLEASE DROP THE HTML COLORING. On Wed, Dec 27, 2006 at 01:16:49PM +0100, Sven Arvidsson wrote: I agree, but to be fair, it's a multi-part message, so your mail reader should be able to to only display the text/plain part. I only wish Evolution would support this :( sending HTML mail is denied in debian lists according to http://www.debian.org/MailingLists/#codeofconduct, however multipart messages are not mentioned there :( On 27.12.06 10:18, Andrew Sackville-West wrote: what are you guys seeing? All I see is a two slashes surrounding the text, annoying, but not bad. I'm using mutt. Sometimes I'll see various html tags, but I saw none in that one. this was in original message header: body bgcolor=#00 text=#33ff33 ifont size=+3font face=Blood Of Draculaperhaps it will have to be added in manually?br i think that IS coloring... I'm not doubting you, I was just curious as mutt tends to ignore all that stuff, or use l[iy]nks to output the html message as plain text and didn't see anything to indicate that it was there. thanks A signature.asc Description: Digital signature
Re: John the Ripper in Etch?
On Wed, 2006-12-27 at 02:22 -0500, Greg Folkert wrote: PLEASE OH PLEASE DROP THE HTML COLORING. On Wed, Dec 27, 2006 at 01:16:49PM +0100, Sven Arvidsson wrote: I agree, but to be fair, it's a multi-part message, so your mail reader should be able to to only display the text/plain part. I only wish Evolution would support this :( sending HTML mail is denied in debian lists according to http://www.debian.org/MailingLists/#codeofconduct, however multipart messages are not mentioned there :( On 27.12.06 10:18, Andrew Sackville-West wrote: what are you guys seeing? All I see is a two slashes surrounding the text, annoying, but not bad. I'm using mutt. Sometimes I'll see various html tags, but I saw none in that one. this was in original message header: body bgcolor=#00 text=#33ff33 ifont size=+3font face=Blood Of Draculaperhaps it will have to be added in manually?br i think that IS coloring... -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: John the Ripper in Etch?
On Tue, Dec 26, 2006 at 04:34:36AM -0800, Frank Bauer wrote: Hi, I just noticed that John the Ripper dropped off Etch and there is no visible activity from its mailntainer to bring it back. As Etch is nearing, does it mean john will not be part of it? Looks like that. It has been removed because of this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375850 How are we going to demonstrate our users their weak passwords? The only alternative I found in Etch is crack, obsolete since the last millenium or so. Well it's quite late now for a package takeover and reintroduction for etch. When someone has picked up the package and uploaded a fixed version it should be easy to create a backport for etch. Until that happens you can of course use the partly broken package from unstable or just compile from source. Sven -- If you won't forgive me the rest of my life Let me apologize while I'm still alive I know it's time to face all of my past mistakes [Less than Jake - Rest Of My Life] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: John the Ripper in Etch?
On Wed, 2006-12-27 at 02:22 -0500, Greg Folkert wrote: PLEASE OH PLEASE DROP THE HTML COLORING. I agree, but to be fair, it's a multi-part message, so your mail reader should be able to to only display the text/plain part. I only wish Evolution would support this :( -- Cheers, Sven Arvidsson http://www.whiz.se PGP Key ID 760BDD22 signature.asc Description: This is a digitally signed message part
Re: John the Ripper in Etch?
On Wed, Dec 27, 2006 at 01:16:49PM +0100, Sven Arvidsson wrote: On Wed, 2006-12-27 at 02:22 -0500, Greg Folkert wrote: PLEASE OH PLEASE DROP THE HTML COLORING. I agree, but to be fair, it's a multi-part message, so your mail reader should be able to to only display the text/plain part. I only wish Evolution would support this :( what are you guys seeing? All I see is a two slashes surrounding the text, annoying, but not bad. I'm using mutt. Sometimes I'll see various html tags, but I saw none in that one. A signature.asc Description: Digital signature
Re: John the Ripper in Etch?
On Tue, Dec 26, 2006 at 04:34:36AM -0800, Frank Bauer wrote: Hi, I just noticed that John the Ripper dropped off Etch and there is no visible activity from its mailntainer to bring it back. Check bug #375850 [0]. As Etch is nearing, does it mean john will not be part of it? It appears that maintainer has not bothered to fix the bug. How are we going to demonstrate our users their weak passwords? The only alternative I found in Etch is crack, obsolete since the last millenium or so. Use the upstream version or backport the package yourself from Sid? Regards, -Roberto [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375850 -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: John the Ripper in Etch?
/perhaps it will have to be added in manually? operator / Frank Bauer wrote: Hi, I just noticed that John the Ripper dropped off Etch and there is no visible activity from its mailntainer to bring it back. As Etch is nearing, does it mean john will not be part of it? How are we going to demonstrate our users their weak passwords? The only alternative I found in Etch is crack, obsolete since the last millenium or so. Frank __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: John the Ripper in Etch?
On Tue, 2006-12-26 at 12:04 -0500, operator wrote: perhaps it will have to be added in manually? operator Frank Bauer wrote: Hi, I just noticed that John the Ripper dropped off Etch and there is no visible activity from its mailntainer to bring it back. As Etch is nearing, does it mean john will not be part of it? How are we going to demonstrate our users their weak passwords? The only alternative I found in Etch is crack, obsolete since the last millenium or so. PLEASE OH PLEASE DROP THE HTML COLORING. iT IS EXCEPTIONALLY ANNOYING. Blacklisting is sure to be the result... That or a twit file. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part
Re: John the Ripper
Jerome BENOIT wrote: Hill All ! The John package (password cracker) write the file `john.pot' in the root directory '/'. I do not like that: how can we ask to John to write this file somewhere else ? John writes the list of cracked passwords in ~/ which would be /root if run by the superuser. This should be a very secure directory, so it's probably as good a place as any. -Brian -- Brian J. Stults Department of Sociology phone: (352) 392-0265 x286 University of Florida fax: (352) 392-6568Gainesville, Florida 32611-7330 pgp: http://clas.ufl.edu/~bstults/bstults.gpg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: John the Ripper
Brian Stults wrote: Jerome BENOIT wrote: Hi All ! The John package (password cracker) write the file `john.pot' in the root directory '/'. I do not like that: how can we ask to John to write this file somewhere else ? John writes the list of cracked passwords in ~/ which would be /root if run by the superuser. I guess that I have a basic Woody box: so why `john.pot' is in '/' but not in '/root' ? This should be a very secure directory, so it's probably as good a place as any. Yes, indeed. -Brian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: John the Ripper
On Sun, Oct 27, 2002 at 11:23:00AM -0500, Brian Stults wrote: Jerome BENOIT wrote: The John package (password cracker) write the file `john.pot' in the root directory '/'. I do not like that: how can we ask to John to write this file somewhere else ? John writes the list of cracked passwords in ~/ which would be /root if run by the superuser. This should be a very secure directory, so it's probably as good a place as any. I remember similar problem with fetchmail when I made my own /etc/init.d/fetchmail. Basically, process run from /etc/rc2.d/* etc are run with the root privirage and home directory is / (not /root). I think you can put --- HOME=/whereever export HOME ... your script starting john --- in your init.d script's starting section. This may work. Also, -- ~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ + Osamu Aoki [EMAIL PROTECTED] Cupertino CA USA, GPG-key: A8061F32 .''`. Debian Reference: post-installation user's guide for non-developers : :' : http://qref.sf.net and http://people.debian.org/~osamu `. `' Our Priorities are Our Users and Free Software --- Social Contract -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: John the Ripper
On Sun, Oct 27, 2002 at 07:03:36PM +0200, Jerome BENOIT wrote: John writes the list of cracked passwords in ~/ which would be /root if run by the superuser. I guess that I have a basic Woody box: so why `john.pot' is in '/' but not in '/root' ? You are probably talking about John's cronjob. Since it is run by cron, $HOME/something will be /something. See bug #116257 J. -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: John the Ripper
On Sun, Oct 27, 2002 at 04:56:48PM +0200, Jerome BENOIT wrote: The John package (password cracker) write the file `john.pot' in the root directory '/'. I do not like that: how can we ask to John to write this file somewhere else ? I'd assume it did that because your working directory was / at the moment. cd /tmp or something... -- Baloo msg09557/pgp0.pgp Description: PGP signature