Date: Mon, 6 Sep 2021 17:39:17 +0200
From: Solar Designer <solar@...nwall.com>
To: Yan Ngusu <yanngusu05@...il.com>
Cc: john-users@...ts.openwall.com
Subject: Re: crack passphrase in the browsers

Hi Yan,

On Wed, Sep 01, 2021 at 04:09:30PM +0200, Yan Ngusu wrote:
> I know that when you lose your passphrase, the best thing to do is to
> create a new account.
> But, I've some users, they didn't share some of their passwords, but they
> lost the passphrase.
>
> So, my questions are:
>
> 1. There's not another way to recover the account without creating it?

If you administer the system/service where those user accounts are
registered, then you can reset their passwords for them (provided that
you authenticate the people in some other way).

> 2. If John the Ripper can help to crack the password on a file, can it do
> the same for a passphrase in the browsers? If yes, how please?

I don't know what exactly you mean by doing it "in the browsers".

If you mean the user saved their passwords in a web browser, but forgot
the master password for the browser's password storage, then a suitable
JtR "format" could be used to try and recover the master password (if
that password is weak or partially known). See doc/README.mozilla.

If you mean probing passwords against a remote service via a web
browser, then JtR cannot be used for this. A tool that does something
like this (but not exactly) is THC Hydra (and JtR can be used to feed
candidate passwords into it), but this is generally pointless and could
cause trouble and get you in trouble. To use a tool like this you need
authorization from whoever runs the service, but they could simply reset
the password(s) for you.

Alexander