
Re: [LUG] How a cheap graphics card could crack your password in under a second...!

 

On 02/06/11 22:00, Gordon Henderson wrote:
> 
> Unix passwords are somewhat trickier to brute-force

Depending on what method is in use, of course.

If you haven't changed your password in a while, i.e. since your distro
switched to SHA512, it is possible the password is still using the MD5 hash
algorithm, which the same program brute-forces quickly.

Look for lines in /etc/shadow that don't start the password field with
"$6$".

I think this should do the trick.

cut -f2 -d":" /etc/shadow | grep -v -e '^!$' -e '^*$'  -e '^\$6\$'

Any output suggests not using SHA512 for passwords.

> http://en.wikipedia.org/wiki/Crack_%28software%29
> http://en.wikipedia.org/wiki/John_the_ripper

Packaged versions in Debian don't support SHA-512; I can see bug 563698
needs a prod.

However, the current source version appears to be highly suboptimal for
SHA-512 passwords (21c/s doesn't sound right to me for my CPU).

Hmm, the Drepper paper on SHA-512 is offline - darn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
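
An added example, not part of the original post: the /etc/shadow check from the message above, extended to name the hash scheme per account and to look past the "!" lock marker, which can sit in front of an old hash. The function names and the sample lines (fake salts and hashes) are constructed for illustration; the prefixes are the standard crypt(5) ones.

```shell
#!/bin/sh
# sample_shadow: constructed /etc/shadow-style lines (salts and hashes are fake).
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$constructedhashAAAA:15000:0:99999:7:::
alice:$1$CONSTRSA$constructedhashBBBB:14000:0:99999:7:::
bob:!$1$CONSTRSA$constructedhashCCCC:14000:0:99999:7:::
carol:XXconstructed:13000:0:99999:7:::
daemon:*:15000:0:99999:7:::
sshd:!:15000:0:99999:7:::
EOF
}

# classify_shadow [FILE]: print "user<TAB>scheme" for every account that
# carries a password hash. Reads stdin when no file is given.
classify_shadow() {
    awk -F: '{
        field = $2
        # One or more leading "!" mean the password is locked; the previous
        # hash may still follow, so strip the marker and classify the rest.
        locked = (sub(/^!+/, "", field) > 0) ? " (locked)" : ""
        # Nothing left, or "*": no hash stored, nothing to audit.
        if (field == "" || field == "*") next
        if      (field ~ /^\$6\$/)        scheme = "sha512crypt"
        else if (field ~ /^\$5\$/)        scheme = "sha256crypt"
        else if (field ~ /^\$1\$/)        scheme = "md5crypt"
        else if (field ~ /^\$2[abxy]?\$/) scheme = "bcrypt"
        else if (field ~ /^\$y\$/)        scheme = "yescrypt"
        # Traditional DES crypt: exactly 13 characters, no "$" prefix.
        else if (length(field) == 13 && field ~ "^[./0-9A-Za-z]+$") scheme = "des"
        else                              scheme = "unknown"
        printf "%s\t%s%s\n", $1, scheme, locked
    }' "$@"
}

# non_sha512_accounts [FILE]: same filter as the one-liner in the post
# (anything that is not "$6$"), but with the scheme named.
non_sha512_accounts() {
    classify_shadow "$@" | awk -F'\t' '$2 !~ /^sha512crypt/'
}

# Demo on the constructed sample; on a real system run as root:
#   non_sha512_accounts /etc/shadow
sample_shadow | non_sha512_accounts
```

On a real system, any md5crypt or des line is an account whose password should be reset so it is rehashed with the current default.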