John the Ripper application question
Post 302378976 by pludi on Wednesday 9th of December 2009 08:52:49 AM
Short answer: No

Long answer: Let's delve into the cryptographic stuff behind UNIX passwords, GPG, and JtR.
UNIX authentication systems never save the passwords themselves in any form, not even encrypted, but instead use a hash of the password. A hash is similar to a compression function. It takes an array of bytes (say, the letters of a password) and mangles them into a fixed-length array. The idea is that a small change in the original text yields a big change in the hash, and that by hashing 2 identical texts you get the same hash. If a user wants to authenticate, the password entered is hashed, and the hash is compared to the one saved.
Since hashing means you lose information, hashes will never be collision free. To prevent 2 users accidentally having the same password hash, salts were introduced. Those are random bits prepended to the password, so that even if two users have the same password, their hashes wouldn't match up.
The biggest difference between hashing and encryption functions is that hashes are very fast.

Encryption, OTOH, takes the input message (your text file) and a key (created from your password), and sends both through an encryption function like AES. Contrary to hashes, the result usually isn't shorter than the original, but it's getting transformed, and it's recoverable while hashes are not. Also, encryption schemes usually are very resilient against attacks. For example, with AES it's still impossible to recover the key in a known-plaintext attack (meaning: you have both the original text and the encrypted text, and it's still impossible to find out the key/password used so as to decrypt other messages).

John the Ripper (JtR) uses the speed of hashes to its advantage. A dictionary attack is very fast, even against salted password hashes, and even faster against NTLM passwords. But it can only attack hashes, since they're pretty fixed in their parameters, while for encryption there are a lot of variables, such as key length, algorithm used, and which block mode is being used (CBC/CFB/CTR/...).
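
The store-and-compare scheme described in the post above, as an added example that is not part of pludi's post: a simplified salted SHA-256 record, not the real crypt(3) format. The function names, the `salt$hash` record layout and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def make_record(password, salt=None):
    """Build the stored value 'salt_hex$hash_hex'; the password itself is not kept."""
    salt = os.urandom(8) if salt is None else salt
    # Salt is prepended to the password before hashing, as the post describes.
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return f"{salt.hex()}${digest}"


def verify(password, record):
    """Login check: re-hash the entered password with the stored salt and compare."""
    salt_hex, stored = record.split("$")
    candidate = hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def audit(records, wordlist):
    """Weak-password audit of your own records.

    Because every record has its own salt, each word must be re-hashed once
    per account; one precomputed hash per word cannot be reused across users.
    """
    weak = {}
    for user, record in records.items():
        for word in wordlist:
            if verify(word, record):
                weak[user] = word
                break
    return weak


# Constructed sample data: two accounts share a password, one has a strong one.
SAMPLE = {
    "alice": make_record("letmein"),
    "bob": make_record("letmein"),
    "carol": make_record("T7#qv9!Lw2_zR"),
}
WORDLIST = ["password", "123456", "letmein"]

if __name__ == "__main__":
    for user, record in SAMPLE.items():
        print(user, record)  # alice and bob show different hashes
    print("weak:", audit(SAMPLE, WORDLIST))
```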