Password cracker for RHEL 5

Yong Huang yong321 at yahoo.com
Thu May 28 14:39:19 UTC 2009


On 5/27/09, Manuel Aróstegui <manuel at todo-linux.com> wrote:
>
> On Wed, 2009-05-27 at 08:53 +0200, Kenneth Holter wrote:
> > Hello all.
> >
> >
> > We'd like to (automatically) check the strength of our users' passwords. We
> > currently don't have an LDAP server, so the passwords are stored in the
> > servers' /etc/shadow file.
> > Is there a lightweight password cracking application for RHEL 5, either from
> > the official repo or EPEL, that can be run on a per-server basis?
>
>
> It is not hard to find an LDAP cracker (John The Ripper supports LDAP
> password cracking); the problem is to find or to build a nice and big
> password dictionary.
>
> Manuel.

My idea about building this nice and big password dictionary is that we build
a modified character permutation list. The modification is based on your
users' password habits. For example, if you know the probability they only use
alphanumerics is very small, and that they use alphanumerics plus 2 or 3
punctuation marks is very high, try that list first. Our users, according to
my observation, use alphanumerics plus @, !, and $ (very rarely plus any
type of bracket, etc). I have a very simple Perl script to do this. See
http://yong321.freeshell.org/oranotes/PasswordRetrieval.txt

That article is for retrieving Oracle passwords on users' request. But the 
idea is the same.

Yong Huang
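
The habit-based ordering described in the message above, as an added example for sizing a password audit (this is not Yong Huang's Perl script and not part of the original thread). It assumes the first pass covers alphanumerics plus @, ! and $ with at least one mark present; the function names, the 8-character length and the guess rate are hypothetical.

```python
import itertools
import string

ALNUM = string.ascii_letters + string.digits   # 62 characters
MARKS = "@!$"                                   # the three marks named in the message

def keyspace(alphabet_size, length):
    """Number of strings of exactly `length` over an alphabet of that size."""
    return alphabet_size ** length

def first_pass_size(length, alnum=ALNUM, marks=MARKS):
    """Count of alnum+marks strings that contain at least one mark."""
    return keyspace(len(alnum) + len(marks), length) - keyspace(len(alnum), length)

def first_pass(length, alnum=ALNUM, marks=MARKS):
    """Lazily yield the first-pass list: alnum+marks strings with >= 1 mark.

    Alphanumeric-only strings are skipped and left for a later pass;
    that split is an assumption about how the lists are ordered.
    """
    markset = set(marks)
    for chars in itertools.product(alnum + marks, repeat=length):
        if markset.intersection(chars):
            yield "".join(chars)

def audit_plan(length, guesses_per_second):
    """Compare the habit-based first pass with the full printable ASCII set."""
    full = keyspace(len(ALNUM) + len(string.punctuation), length)
    first = first_pass_size(length)
    return {
        "first_pass": first,
        "full_printable": full,
        "first_pass_hours": first / guesses_per_second / 3600,
        "full_hours": full / guesses_per_second / 3600,
    }

if __name__ == "__main__":
    # Constructed figures: 8-character passwords, 10,000 guesses per second.
    for key, value in audit_plan(8, 10_000).items():
        print(f"{key}: {value:,.0f}")
```

Passwords that the first pass recovers within the audit window are the ones to flag for a forced change.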


      



