john is weird!
i installed john because i want to enforce strong passwords. i think that's a legit thing to do. however, i don't think john ever did anything. i get these messages *all the time* from all systems i have john on via cron. even though there are only 14 accounts on this particular one, i doubt that john checks all passwords with 0 guesses and in 1.59 seconds!

- Forwarded message from Cron Daemon [EMAIL PROTECTED] -

/etc/cron.daily/john:
guesses: 0 time: 0:00:01:59 100% c/s: 1004 trying: lhannes1969
Loaded 14 passwords with 14 different salts (FreeBSD MD5 [32/32])
0 messages sent

- End forwarded message -

this is a vanilla install with the only modification being the line passfile=/root/.john-passfile in /etc/john-mail.conf, as instructed in the preceding comment.

what am i doing wrong? or is john just broken?

--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

friendships last when each friend thinks he has a slight superiority over the other. -- honore debalzac
Re: john is weird!
On Wed, Jan 16, 2002 at 02:13:25PM +0100, martin f krafft wrote:
> i installed john because i want to enforce strong passwords. i think that's a legit thing to do. however, i don't think john ever did anything. i get these messages *all the time* from all systems i have john on via cron.

Hmm... Maybe the message shouldn't be sent when no passwords were broken.

> even though there are only 14 accounts on this particular one, i doubt that john checks all passwords with 0 guesses and in 1.59 seconds!

The test done in the cronjob is against a wordlist and information gathered from passwd (IIRC). Maybe you could try using a better wordlist... (This is particularly important for people outside English-speaking countries! ;-)

John may also be used in incremental mode, but that means it would try to break passwords forever (because it never stops). This is not the default for the cronjob.

> this is a vanilla install with the only modification being the line passfile=/root/.john-passfile in /etc/john-mail.conf, as instructed in the preceding comment. what am i doing wrong? or is john just broken?

The first time I used it, 2 passwords were broken (out of 5!) -- one was identical to the username, and the other was an English word followed by numbers. Maybe your passwords are just good after all?

Try setting an account with an easy password and see if john breaks it. You may try different easy ones if you want to check how hard john is trying to break them!

J.
Re: john is weird!
[cc'd to -devel because i see a problem. read on below...]

also sprach Jeronimo Pellegrini [EMAIL PROTECTED] [2002.01.16.1709 +0100]:
> > i installed john because i want to enforce strong passwords. i think that's a legit thing to do. however, i don't think john ever did anything. i get these messages *all the time* from all systems i have john on via cron.
>
> Hmm... Maybe the message shouldn't be sent when no passwords were broken.

it's also an error message... i think.

> > even though there are only 14 accounts on this particular one, i doubt that john checks all passwords with 0 guesses and in 1.59 seconds!
>
> The test done in the cronjob is against a wordlist and information gathered from passwd (IIRC). Maybe you could try using a better wordlist... (This is particularly important for people outside English-speaking countries! ;-)
>
> John may also be used in incremental mode, but that means it would try to break passwords forever (because it never stops). This is not the default for the cronjob.

yes, i know that. thanks for being thorough though!

> > this is a vanilla install with the only modification being the line passfile=/root/.john-passfile in /etc/john-mail.conf, as instructed in the preceding comment. what am i doing wrong? or is john just broken?
>
> The first time I used it, 2 passwords were broken (out of 5!) -- one was identical to the username, and the other was an English word followed by numbers. Maybe your passwords are just good after all?
>
> Try setting an account with an easy password and see if john breaks it. You may try different easy ones if you want to check how hard john is trying to break them!

my problem is that the cronjob apparently runs for 1 second. no wait, i just did it by hand (just like what cron does), and that's 1 minute, 55 seconds. and it does find the easy passwords! however, and this leads me to another problem.

in its default configuration, john is configured with a wordlist in john.ini (who the heck named that .ini), it has shells to ignore configured in /etc/john-mail.conf, but *never* uses any of that information.

in fact, in its default config, all it does is check the passwords with GECOS information. that's definitely necessary, but pretty useless by itself!!! it should really do wordlist matching *and* brute force incremental afterwards.

i think this should be a bug, john is *useless* as it is, and one wouldn't be expected to modify the package's cron.daily entry, right? at least this is how i see Debian - there should be a proper conf-file for that. however, i'd rather not deal with the maintainer again. the last time was a very negative experience.

your thoughts?

--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

man muss noch chaos in sich haben um einen tanzenden stern zu gebaehren. -- nietzsche
Re: john is weird!
On Wed, Jan 16, 2002 at 06:47:54PM +0100, martin f krafft wrote:
> my problem is that the cronjob apparently runs for 1 second. no wait, i just did it by hand (just like what cron does), and that's 1 minute, 55 seconds. and it does find the easy passwords! however, and this leads me to another problem.
>
> in its default configuration, john is configured with a wordlist in john.ini (who the heck named that .ini), it has shells to ignore configured in /etc/john-mail.conf, but *never* uses any of that information.

Er... The patch that introduced the cronjob is mine -- I'll take another look at it. If the behavior during the cronjob is to only use GECOS information, then that's not really what I initially intended (I should have checked it better).

BTW, now that you said, it would be nice if wordlists could be configured in a conffile too.

> in fact, in its default config, all it does is check the passwords with GECOS information. that's definitely necessary, but pretty useless by itself!!! it should really do wordlist matching *and* brute force incremental afterwards.

I agree on the wordlist checking, but I am not sure about brute force... Anyway -- maybe all this can be turned into configurable options -- I'll think of something and talk to Christian (the maintainer) later.

J.
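
Added example, not part of any message in this thread and not code from the john package: a filter for the cron job's output that applies the suggestion made earlier in the thread (no mail when no passwords were broken) and reads john's time field as D:HH:MM:SS, so 0:00:01:59 is 119 seconds. The function names are illustrative, and SAMPLE reuses the status line from the cron mail quoted in the first message.

```shell
#!/bin/sh
# Added example. SAMPLE is the status line from the cron mail quoted in the
# thread; the function names are illustrative, not part of the john package.
SAMPLE='guesses: 0 time: 0:00:01:59 100% c/s: 1004 trying: lhannes1969'

# Print the number of cracked passwords from a john status line.
john_guesses() {
    printf '%s\n' "$1" | sed -n 's/^guesses: *\([0-9][0-9]*\).*/\1/p'
}

# Print the elapsed time in seconds. The time field is D:HH:MM:SS.
john_elapsed_seconds() {
    t=$(printf '%s\n' "$1" |
        sed -n 's/^guesses: *[0-9]* *time: *\([0-9:]*\).*/\1/p')
    [ -n "$t" ] || return 1
    printf '%s\n' "$t" |
        awk -F: 'NF == 4 { print (($1 * 24 + $2) * 60 + $3) * 60 + $4 }'
}

# Filter for the cron job: read john's output on stdin and pass it through
# only if the last status line reports at least one guess.
# Returns 0 when there is something to mail, 1 when the run found nothing.
john_filter_report() {
    out=$(cat)
    line=$(printf '%s\n' "$out" | grep '^guesses:' | tail -n 1)
    n=$(john_guesses "$line")
    if [ "${n:-0}" -gt 0 ]; then
        printf '%s\n' "$out"
        printf 'elapsed: %s s\n' "$(john_elapsed_seconds "$line")"
        return 0
    fi
    return 1
}

# Demo on the sample input: nothing was cracked, so the filter prints
# nothing and cron would send no mail.
if printf '%s\n' "$SAMPLE" | john_filter_report; then
    echo "report above would be mailed"
else
    echo "0 guesses in $(john_elapsed_seconds "$SAMPLE") s: no mail"
fi
```
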
Re: john is weird!
martin f krafft wrote:
snip

I feel like taking the subject of this thread personally.
Re: john is weird!
At 08:59 AM 1/17/02 +1000, john wrote:
> martin f krafft wrote:
> snip
>
> I feel like taking the subject of this thread personally.

me too
Re: john is weird!
also sprach john [EMAIL PROTECTED] [2002.01.16.2359 +0100]:
> snip
>
> I feel like taking the subject of this thread personally.

i was afraid someone would. i am sure you actually *are* weird too. how boring of a person would you be if you weren't. for what it's worth, i am bloody weird...

--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

no keyboard present. press f1 to continue. zen engineering.
Re: john is weird!
also sprach John Griffiths [EMAIL PROTECTED] [2002.01.17.0021 +0100]:
> me too

great. send mail with subject subscribe to: [EMAIL PROTECTED] you will be automatically added to the [EMAIL PROTECTED] list.

--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

i have the power to channel my imagination into ever-soaring levels of suspicion and paranoia.
Way OT Re: john is weird!
martin f krafft wrote:
> also sprach john [EMAIL PROTECTED] [2002.01.16.2359 +0100]:
> > snip
> >
> > I feel like taking the subject of this thread personally.
>
> i was afraid someone would. i am sure you actually *are* weird too. how boring of a person would you be if you weren't. for what it's worth, i am bloody weird...

In my youth I played in a Rock and Roll band. I was known as Weird John Strange

But how did you know?
Re: Way OT Re: john is weird!
also sprach john [EMAIL PROTECTED] [2002.01.17.0128 +0100]:
> In my youth I played in a Rock and Roll band. I was known as Weird John Strange
>
> But how did you know?

scientists study your brain to learn more about your distant cousin, man!

nah, i have electrodes in each and every subscriber's brain. they are transferred as worms in the email i send. but hey, don't worry, i am a whitehat!

--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]

perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
Re: Way OT Re: john is weird!
On Wednesday 16 January 2002 04:28 pm, john wrote:
> martin f krafft wrote:
> > also sprach john [EMAIL PROTECTED] [2002.01.16.2359 +0100]:
> > > snip
> > >
> > > I feel like taking the subject of this thread personally.
> >
> > i was afraid someone would. i am sure you actually *are* weird too. how boring of a person would you be if you weren't. for what it's worth, i am bloody weird...
>
> In my youth I played in a Rock and Roll band. I was known as Weird John Strange
>
> But how did you know?

dude, it's obvious.