| 1 |
On Tuesday, 5 February 2019 06:48:53 GMT Dale wrote: |
| 2 |
|
| 3 |
> Sort of picking a random message to reply to here. Someone sent a reply |
| 4 |
> off list about checking passwords on my system with tools available. |
| 5 |
> They also mentioned not trusting strength meters which I can get since |
| 6 |
> they pass some obvious passwords. I used three meters and some sort of |
| 7 |
> common sense as well. I found cracklib-check after some digging. I |
| 8 |
> used that to try to check my password and get this weird response. |
| 9 |
> |
| 10 |
> -su: me-supper-secret-password-here;): event not found |
| 11 |
> |
| 12 |
> I'm going to try to emulate my password without actually posting it, for |
| 13 |
> obvious reasons. You all are smart enough to understand why. ROFL It |
| 14 |
> has some of the following 'stuff' in it. !sdER*ark4567# As you can |
| 15 |
> tell, I use some of those things on the tops of the number keys. It |
| 16 |
> seems that confuses cracklib just a bit. BTW, I was running that as |
| 17 |
> root just to be sure it wasn't a permissions issue. I tried a few |
| 18 |
> different things but it seems the "!" is triggering that at least, maybe |
| 19 |
> others too. The command works fine with just normal stuff. |
| 20 |
|
| 21 |
Hmm ... I don't get such problem here, when I run cracklib as a plain user: |
| 22 |
|
| 23 |
$ cracklib-check |
| 24 |
password |
| 25 |
password: it is based on a dictionary word |
| 26 |
p4ssw0rd |
| 27 |
p4ssw0rd: it is based on a dictionary word |
| 28 |
p477w0rd |
| 29 |
p477w0rd: OK |
| 30 |
!sdER*ark4567# |
| 31 |
!sdER*ark4567#: OK |
| 32 |
helloworld |
| 33 |
helloworld: OK |
| 34 |
reallysecurepassword |
| 35 |
reallysecurepassword: OK |
| 36 |
|
| 37 |
LOL! |
| 38 |
|
| 39 |
Could it be something to do with your terminal/shell? I've run the above with |
| 40 |
bash in a urxvt terminal. |
| 41 |
|
| 42 |
|
| 43 |
> That leads |
| 44 |
> me to this question. Is there a tool I can use/install that will test a |
| 45 |
> password, try to crack it if you will, that will work regardless of the |
| 46 |
> characters used? In other words, it doesn't mind the things on top of |
| 47 |
> the number keys. |
| 48 |
> |
| 49 |
> BTW, I've also whittled it down to something a little easier to type |
| 50 |
> too. Feel sorry for any poor fool trying to just guess it. lol May |
| 51 |
> have better luck with P vs NP. ;-) |
| 52 |
> |
| 53 |
> Thanks. |
| 54 |
> |
| 55 |
> Dale |
| 56 |
> |
| 57 |
> :-) :-) |
| 58 |
|
| 59 |
I've used app-crypt/johntheripper in the distant past, but you'll need a good |
| 60 |
word list for it to be useful. Some of the wordlists I had found at the time |
| 61 |
were too big to download over dial-up! :p |
| 62 |
|
| 63 |
-- |
| 64 |
Regards, |
| 65 |
Mick |
Archives