[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 02/06/11 22:00, Gordon Henderson wrote: > > Unix passwords are somewhat trickier to brute-force Depending what method is in use of course. If you haven't changed your password in a while i.e. since your distro switched to SHA512, it is possible the password is still using MD5 hash algorithm which the same program brute forces quickly. Look for lines in /etc/shadow that don't start the password field with "$6$". I think this should do the trick. cut -f2 -d":" /etc/shadow | grep -v -e '^!$' -e '^*$' -e '^\$6\$' Any output suggests not using SHA512 for passwords. > http://en.wikipedia.org/wiki/Crack_%28software%29 > http://en.wikipedia.org/wiki/John_the_ripper Packaged versions in Debian doesn't support SHA-512 I can see bug 563698 needs a prod. However the current source version appears to be high suboptimal for SHA-512 passwords (21c/s doesn't sound right to me for my CPU). Hmm the Drepper paper on SHA-512 if offline - darn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq