Think your Joomla! password is secure? Here is a simple test [assuming it is under 15 characters long].
Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for your operating system. To check just YOUR password, run the GUI, use either plus or lite, and enter your password hash [from the database] in the field. Select the Joomla hash type, and then go ahead and run the cracker. See how long it takes to figure out your password.

If you're using a dictionary method, you'll need one or more wordlists. You can get some dictionaries from http://www.skullsecurity.org/wiki/index.php/Passwords

If you have a website with lots of users that you want to check, you can instead run

select `password` from #__users

[replace #__ with your prefix. :-)] and export the list to a text file to give to oclhashplus.

Most password crackers around are limited to passwords of less than 16 chars [because beyond that, the algorithms change for efficient lookups], so while making your own passwords greater than 16 chars doesn't mean instant security, it does mean that it is beyond the scope of script kiddies who just download crackers from the internet and don't know how to write their own.
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla
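For the many-users case in the post above, a first pass over the exported `password` column can show which accounts are still stored in a fast MD5-based format before any cracker is run. This is an added example, not part of the original post; the hash formats it recognises (salted `md5:salt`, bare MD5, phpass `$P$`, bcrypt `$2y$`) are assumptions about what Joomla installs have stored over time, and the sample rows are constructed.

```python
import re
from collections import Counter

# Hash formats are assumptions about Joomla's stored values, not from the post.
PATTERNS = [
    ("bcrypt", re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("phpass", re.compile(r"^\$P\$[./A-Za-z0-9]{31}$")),
    ("md5-salted", re.compile(r"^[0-9a-fA-F]{32}:.+$")),
    ("md5-unsalted", re.compile(r"^[0-9a-fA-F]{32}$")),
]
WEAK = {"md5-salted", "md5-unsalted", "unknown"}  # rows that need attention

def classify(value):
    """Return the storage format name for one exported password value."""
    value = value.strip()
    for name, pattern in PATTERNS:
        if pattern.match(value):
            return name
    return "unknown"

def audit(lines):
    """Count formats and list (line number, format) for every weak row."""
    counts, weak = Counter(), []
    for lineno, raw in enumerate(lines, 1):
        if not raw.strip():
            continue  # skip blank lines in the export
        kind = classify(raw)
        counts[kind] += 1
        if kind in WEAK:
            weak.append((lineno, kind))
    return counts, weak

# Constructed sample export, one value per line (no real hashes).
SAMPLE = [
    "0123456789abcdef0123456789abcdef:" + "S" * 32,
    "$2y$10$" + "a" * 53,
    "$P$D" + "b" * 30,
    "0123456789abcdef0123456789abcdef",
    "",
    "not-a-hash",
]

if __name__ == "__main__":
    counts, weak = audit(SAMPLE)
    for kind, n in counts.most_common():
        print(f"{kind:13} {n}")
    for lineno, kind in weak:
        print(f"line {lineno}: {kind}, force a password reset to re-hash")
```

To run it on a real export, pass `open("export.txt")` (a hypothetical file name) to `audit` instead of `SAMPLE`.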