John the Password

Voodoo2 · 07-12-2005 4:24pm #1

the 'John the Ripper' password cracker from http://openwall.com/john.
This is Open Source software which can be employed to test the strength of
passwords on a given system. In order to run the code, it is necessary to build and
configure it from its tarball (tar.gz file).

Any one know how to use this, i have to do a project on it in college, where do i start, im not too up on linux,

Red Alert · 07-12-2005 11:44pm

i guess you've installed some version of Linux, or maybe you might want to dig out an old computer and do that first.

debian should be a good choice and fast to install for a newbie although i don't see johntheripper listed as a supported package. fedora might be easier for a newbie but like debian there's no predone package. you'd have to download, compile and install yourself.

do you currently have access to linux/unix?

Fenster · 08-12-2005 12:22am

[root][~] # emerge -up johntheripper

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild  N    ] app-crypt/johntheripper-1.6.38

Go Gentoo

You sound like you were after a Windows binary though. Click here

Voodoo2 · 08-12-2005 12:30am

OK i got it installed and working but the Signature file (which is part of the project) using gpg -verify doesnt work what does that mean?

Fenster · 08-12-2005 12:55am

You can ignore that, unless you're paranoid or deeply into crypto..

Voodoo2 · 08-12-2005 1:21am

I need to do it for the project but it comes up with

> gpg --verify john-1.6.tar.gz.sign john-1.6.tar.gz it comes up with
> signature made sat 18 etc etc RSA KEY ID 295029F1 Cant check signature
> public key not found,
What does this mean

Syth · 08-12-2005 1:37am

You can cryptographically sign a file. This allows people to know that the file they have was definitly created by you. This guarantees that a piece of software has not been tampered by anyone.

In order to do this you need the signature of the person who signed the file. You could get it from the website. But odds are it's an OK file. *Especially* if you downloaded it from the website yourself. So you can ignore that step and everything will still work.

Khannie · 08-12-2005 9:14am

Do tell more about this project. I have heard of john. Thought it was either a dictionary checker, or a brute force checker. If you're actually allowed to run this on a working college password file as part of a project, please report back the ten most hillarious passwords that you get.

I guess that you get at least 10 units of: "123456", "hello", "welcome" and "password".

Bet bet bet....

John the Password

Comments