Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A friend who loves Micro$hit and who beleaves tha he is a hacker, said that linux is less secure tah windows. I obviously laughed and know we had bet 10 € (it's not too much but it's the honour what pains the most).
He has lost the bet, because i had troyaned his pc without many efforts. But he keeps saying that he will get my root password using John the Ripper. Obviously he will never get my pass file. But that program has awaken my curiosity.
I'm testing it with my root pass using incremental mode but the result is quite strange.
In incremental mode, it must try: a - b - c ... aa - ab ac (doesn't it?)...But it tries strange (random?) passwords.
Another question: what does c/s mean?
and the last one: how do i do to use incremental mode with numbers and letters but no special chars?
well, this program is absolutely unusefull unless u have a 10 double-g5 cluster. I made some calculations and it'd take 3500 years to get a 8 chars pass checking letters number and some special chars (95 chars in total). I think i won't live that much
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
Rep:
actually I disagree with your timetables. We have used the ripper in the past against our corporate sam database and it cranked throught it dumping out tons of passwords 8 character alpha mixed in less than 24 hours. Machines these days have a lot of processing power....throw your /etc/passwd on a dual 64bit G5 mac and it would take probably 5 mins.....
I think I've used it before on a windows machine... (if it wasn't that one it was one similar) and most 8 character passwords it would find within 24 hours.
The one I used was an inside job tool. They have to have access to get the passwd/shadow file. You aren't giving him the password/shadow file are you?
ok, i'll wait a bit more. I've tested it on a p2 300 mhz, a k7 700mhz and a p4 2ghz.
I only can try it during a long time is the p2 300 mhz, but i think that the diference can't be mora than one day (the p4 just doubled (well, a bit mora than the double) the c/s amount, the diference is not too high.)
cya!
ps: no! i didnt gave that to him... well, he doesn't even know what that is xDDD.
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238
Rep:
oh yeah a 300mhz is nothing compared to a 2ghz or more machine. RAM is also crucial. I have a minimum of 1GB in my machines and it makes all the difference.
Yeah DES is the default but you can have MD5 which apparently Slack 9 seems to have for root but not the other users... I dunno i could be wrong but root is the only user on my box whose hash starts with $1.
MD5 is 128 bit encryption while DES is only 56 bit so it would take a lot longer to crack MD5. MD5 is technically only 64 bits because it is vulnerable to collision attacks where if you search for 2 random hashes that have the same hash value (birthday paradox) you can reduce it from 128 bits to 64 bits. But even then it is still more secure than DES's 56 bits.
"¬¬
Maby win2k sp4 is abit more secure than most linux... but waht aborut win2k sp1, sp2, sp3, or win XP or 98...
While the linux kernel might not be the most secure in the world, the windows kernel is obviously worse.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.