Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 10 Mar 2010 21:50:22 +0100
From: Lee Hambley <lee.hambley@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: auditing passwords of remote Linux servers

Actually, My posts are simply to acknowledge your work, as an open-source
maintainer myself, I know that positive feedback can be difficult to come
by. My interest in password cracking falls outside my daily work. My main
take from the work being done in the John community is the very scientific
approach to analysis and performance, and my own personal learning more
about this area. I find it interesting to learn about how the various
dictionaries can be applied, and the pros and cons of various methods of
cracking.

Also interesting that I've never had a successful run of John (I'm a Mac
user, and I did compile from source, and I suck at C) There's every chance I
was doing it wrong, attempting incremental mode on my own shadow password
file (naturally I took steps to ensure all was in the proper format.)
Everything written on the list, and on the wiki helps. I should really try
again to approach the crack!

In this instance, the use of Perl for unshadow replacement was interesting;
as well as some really handy snippets for bash and general tricks of the
trade. As a real beginner in this field, terms such as the "Jumbo patch" are
a little intimidating.

I think I asked previously, but something about identifying different types
of hash would have been really useful. Although, I understand such things
aren't possible.

As one open-source guy to another, you're doing a great job on the community
- it's great to see such a thorough presence on the mailing list.

^ HTH

-- Lee

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.