article

John the Ripper is a password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 flavors of Unix - counting each flavour only once for all the architectures it supports -, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects, and includes a customisable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos, AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others.

John the Ripper is a perfectly safe program to install and run on your computer. If you are running a multi-user system, you should make sure you are shadowing your password file such that the hashes are not visible; however even if you are not, not installing John will not prevent a malicious user from running John on their own computer with your hashes.

Sample output

Here is a sample output in a Linux debian environment. 

root@0*# cat pass.txt
user:1Gwn39lwmRu9U
root@0*# john -w:password.lst pass.txt
Loaded 1 password hash (Traditional DES 4K)
umbrella         (user)
guesses: 1  time: 0:00:00:00 100%  c/s: 752  trying: 12345 - pookie

Attack types

John operates by the so-called dictionary attack. It takes text string samples (usually from a file containing words found in a dictionary), encrypting it in the same format as the password being examined, and comparing the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. It also offers a brute force mode. Some recent versions of the program operate using a brute-force attack. In this type of attack, the program generates all the possible plaintexts up to a certain length, then hashes them and compares them to the input hash. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it does take a long time to run.

See also

External links

John the Ripper | John the Ripper | John the Ripper | John the Ripper | Cryptographic software | Computer benchmarks

 

This article is licensed under the GNU Free Documentation License. It uses material from the "John the Ripper".

Home Pageartsbusinesscomputersgameshealthhospitalshomekids & teensnewsphysiciansrecreationreferenceregionalscienceshoppingsocietysportsworld