Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Oct 2006 09:41:47 -0400
From: Brian Cuttler <brian@...sworth.org>
To: john-users@...ts.openwall.com
Subject: Re: John, word list question

Nick,

V6, has worked well for us for quite some time (we have an approved
site policy that allows the system group to run John).

We have john installed under a non-priv account (but all files
protected) and check for weak passwords and alert the users who
are found to have weak passphrases, so that can change them.

Our ~/run/john.ini file contains the following line

Wordfile = /home/compsec/run/pwdlist.txt

The pwdlist.txt file contains the following, which looks like a
text file rather than a hashed file to me, but the leading numeric
and space in the after about line 20 made me thing this was not just
a list but contained additional fields.

I will also check the archive sites you recommended.

[sodor] ~/run 10 >file pwdlist.txt
pwdlist.txt:    ascii text

===start included text, comments removed.

!
!!
!@...
!@...^
!@...^&
!@...^&*
"
%
&
'
'Eamonn
(
)
*
+
+-
,
-
->
.
...
0
000000
00000000
1 AAD
1 AADEL
1 AADLAND
1 AAL
1 AALBU
1 AARDAPPEL
1 AARONSON
1 AART
1 ABADILLA
1 ABARCA
1 ABARTA
1 ABASCAL
1 ABBACUCCIO
1 ABBASCIANO
1 ABBEY
1 ABBIE

=== end included text

						thank you,

						Brian


On Mon, Oct 16, 2006 at 06:26:03PM -0400, Nick Travis wrote:
> >
> >I had hoped to add a few site specific words/acronyms to the word list
> >but didn't see how, and was reluctant to simply add them to
> >run/pwdlist.txt
> >(or anyplace else) as I wasn't certain what all the fields where (what
> >does
> >the prefix number mean in the pwdlist.txt file ?).
> >
> >
> 
> Brian,
> 
> Does your pwdlist.txt file contain hashes or a password list?  Searching the
> list archives tehe only mention of pwdlist.txt contains hashes, however that
> could just be something that you have setup.  I'm running version
> 1.7.0.2under linux-x86 and have a
> password.lst file that contains the most common passwords.  I have added a
> few words to this list and it appears to work fine, hashes of those
> passwords are cracked in seconds.  My run/john.conf file has the variable
> "Wordlist" for the default wordlist.
> 
> What version of John are you running?
> 
> 
> Nick
---
   Brian R Cuttler                 brian.cuttler@...sworth.org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ