1 |
Am 05.02.19 um 10:55 schrieb Mick: |
2 |
> On Tuesday, 5 February 2019 06:48:53 GMT Dale wrote: |
3 |
> |
4 |
>> Sort of picking a random message to reply to here. Someone sent a reply |
5 |
>> off list about checking passwords on my system with tools available. |
6 |
>> They also mentioned not trusting strength meters which I can get since |
7 |
>> they pass some obvious passwords. I used three meters and some sort of |
8 |
>> common sense as well. I found cracklib-check after some digging. I |
9 |
>> used that to try to check my password and get this weird response. |
10 |
>> |
11 |
>> -su: me-supper-secret-password-here;): event not found |
12 |
>> |
13 |
>> I'm going to try to emulate my password without actually posting it, for |
14 |
>> obvious reasons. You all are smart enough to understand why. ROFL It |
15 |
>> has some of the following 'stuff' in it. !sdER*ark4567# As you can |
16 |
>> tell, I use some of those things on the tops of the number keys. It |
17 |
>> seems that confuses cracklib just a bit. BTW, I was running that as |
18 |
>> root just to be sure it wasn't a permissions issue. I tried a few |
19 |
>> different things but it seems the "!" is triggering that at least, maybe |
20 |
>> others too. The command works fine with just normal stuff. |
21 |
> Hmm ... I don't get such problem here, when I run cracklib as a plain user: |
22 |
> |
23 |
> $ cracklib-check |
24 |
> password |
25 |
> password: it is based on a dictionary word |
26 |
> p4ssw0rd |
27 |
> p4ssw0rd: it is based on a dictionary word |
28 |
> p477w0rd |
29 |
> p477w0rd: OK |
30 |
> !sdER*ark4567# |
31 |
> !sdER*ark4567#: OK |
32 |
> helloworld |
33 |
> helloworld: OK |
34 |
> reallysecurepassword |
35 |
> reallysecurepassword: OK |
36 |
> |
37 |
> LOL! |
38 |
> |
39 |
> Could it be something to do with your terminal/shell? I've run the above with |
40 |
> bash in a urxvt terminal. |
41 |
> |
42 |
> |
43 |
>> That leads |
44 |
>> me to this question. Is there a tool I can use/install that will test a |
45 |
>> password, try to crack it if you will, that will work regardless of the |
46 |
>> characters used? In other words, it doesn't mind the things on top of |
47 |
>> the number keys. |
48 |
>> |
49 |
>> BTW, I've also whittled it down to something a little easier to type |
50 |
>> too. Feel sorry for any poor fool trying to just guess it. lol May |
51 |
>> have better luck with P vs NP. ;-) |
52 |
>> |
53 |
>> Thanks. |
54 |
>> |
55 |
>> Dale |
56 |
>> |
57 |
>> :-) :-) |
58 |
> I've used app-crypt/johntheripper in the distant past, but you'll need a good |
59 |
> word list for it to be useful. Some of the wordlists I had found at the time |
60 |
> were too big to download over dial-up! :p |
61 |
> |
62 |
A good password also has to be memorizable. See: |
63 |
|
64 |
https://xkcd.com/936/ |
65 |
|
66 |
|
67 |
Mit freundlichen Grüßen, |
68 |
|
69 |
-- |
70 |
|
71 |
[*] sys4 AG |
72 |
|
73 |
https://sys4.de, +49 (89) 30 90 46 64 |
74 |
Schleißheimer Straße 26/MG,80333 München |
75 |
|
76 |
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 |
77 |
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief |
78 |
Aufsichtsratsvorsitzender: Florian Kirstein |