LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Using Crack 5.0

[ILUG] Using Crack 5.0

John P. Looney jplooney-ilug at online.ie
Mon Nov 29 15:22:50 GMT 1999 

On Mon, Nov 29, 1999 at 03:12:51PM -0000, subb3 at ibm.net mentioned:
> I have downloaded the latest Crack 5.0. When I run,
> $ Crack /etc/passwd
> or
> $ Crack /etc/shawdow
> I get lots of output, that seem to suggest, it is trying to do some "make".
> Here is the tail end of the output.
> 
> ===========================================
> make[1]: Leaving directory `/usr/local/tools/c50a/src/util'
> Crack: The dictionaries seem up to date...
> Crack: Sorting out and merging feedback, please be patient...
> Crack: Merging password files...
> Crack: Creating gecos-derived dictionaries
> mkgecosd: making non-permuted words dictionary
> mkgecosd: making permuted words dictionary
> Crack: launching: cracker -kill run/Kstar.12202   
> Done
> ===========================================
> 
> The Crack does not try to crack my passwords. Am I invoking Crack with
> the wrong syntax? How can I test the password qualities of my users?

 It is working actually. It's running cracker in the background. Check it
yourself with top. I don't remember what the files are called, but it makes
logs of what it's doing in a subdirectory of the main directory. Go
hunting.

 If you have PAM installed (which most recent distros use) you should have
a file /etc/pam.d/passwd. This is the PAM config file for the passwd
program. If it contains the line:

password   required /lib/security/pam_cracklib.so retry=3

 It'll try and use cracklib to crack the password when the password is made
- this is a lot more effective than running crack after the passwords are
crypted or MD5'd (which isn't a brilliant idea).

 If you are worried about user password security, verify that pam_cracklib
is in use, and make sure you are using MD5'd shadow password files. Then,
the chances of someone causing a security breach is two orders of magnitude
smaller than the chance of someone asking a user for their password, and
getting it.

Kate

-- 
Microsoft. The best reason in the world to drink beer.
http://www.redbrick.dcu.ie/~valen

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell