From owner-freebsd-security  Sat May 29  9:20:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.iserver.com (gatekeeper.iserver.com [192.41.0.2])
	by hub.freebsd.org (Postfix) with ESMTP id 505D914CFF
	for <security@FreeBSD.ORG>; Sat, 29 May 1999 09:20:51 -0700 (PDT)
	(envelope-from hart@iserver.com)
Received: by gatekeeper.iserver.com; Sat, 29 May 1999 10:20:52 -0600 (MDT)
Received: from unknown(192.168.1.109) by gatekeeper.iserver.com via smap (V3.1.1)
	id xma027221; Sat, 29 May 99 10:20:27 -0600
Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.2) id KAA23105; Sat, 29 May 1999 10:19:38 -0600 (MDT)
Date: Sat, 29 May 1999 10:19:38 -0600 (MDT)
From: Paul Hart <hart@iserver.com>
X-Sender: hart@anchovy.orem.iserver.com
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: security@FreeBSD.ORG
Subject: Re: System beeing cracked!
In-Reply-To: <xzpbtf32a5t.fsf@localhost.ping.uio.no>
Message-ID: <Pine.BSF.3.96.990529101506.23101A-100000@anchovy.orem.iserver.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 29 May 1999, Dag-Erling Smorgrav wrote:

> > a) take your master.passwd file and run crack on it yourself and see if it
> > finds the passwords itself.
> 
> I've found John to be far more powerful. It's in the ports.

Yes, I would second that opinion.  John the Ripper understands many of the
non-DES crypt replacements used in various UNIX versions, such as
FreeBSD's MD5 and OpenBSD's Blowfish, and uses hand-optimized assembly
language versions of the hashing algorithms on many target architectures. 

It is probably the best overall password cracker available, in my opinion. 

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message