
Checking Password Complexity with John the Ripper

[ Thanks to Ken Hess for this link. ]

“Brute force is a single-character-at-a-time attack on a
password file. With a powerful computer and enough time, no
password can escape the hacker’s relentless attack. Time is
important when cracking passwords because the hacker knows that
once the victim discovers the compromise, new security measures and
password changes rapidly go into effect.

“System administrators need to audit passwords periodically, not
only to make sure they comply with password policies, but to ensure
that those that do aren’t simple enough to be guessed by an
outsider.

“For example, if a user chooses to use the password
MarklarCo2563, you might conclude that this is a strong password.
It is a strong password for someone who isn’t employed at The
Marklar Company at 2563 Snarkish Way. This is a weak password
because it’s easily guessed by a hacker attempting to break into
The Marklar Company. Similarly, users also wouldn’t want to select
a password by simply reversing the company name to
RalKram2563.”

Complete Story
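The quoted MarklarCo2563 example can be turned into an audit check. The Python sketch below is an added example, not code from the article or from John the Ripper: it flags candidate passwords that contain organization-specific terms, the same terms reversed, or simple character substitutions of them. The function names, the substitution table and the four-character minimum token length are assumptions; the sample terms and passwords are the ones quoted above.

```python
import re

# Character substitutions undone before matching (a small assumed set, not exhaustive):
# 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s
LEET = str.maketrans("013457@$", "oleastas")


def context_tokens(terms, min_len=4):
    """Split organization terms into lowercase words and digit runs.

    Each token is stored together with its reversal, so a password built
    by reversing the company name is caught as well.
    """
    tokens = set()
    for term in terms:
        for word in re.findall(r"[A-Za-z]+|\d+", term):
            word = word.lower()
            if len(word) >= min_len:  # skip short words such as "the" or "way"
                tokens.add(word)
                tokens.add(word[::-1])
    return tokens


def audit(password, tokens):
    """Return the sorted context tokens found inside a candidate password."""
    lowered = password.lower()
    # Match against the raw lowercase form (keeps digits such as a street
    # number) and against the form with substitutions undone.
    forms = {lowered, lowered.translate(LEET)}
    return sorted(t for t in tokens if any(t in form for form in forms))


# Organization terms taken from the quoted example.
ORG_TERMS = ["The Marklar Company", "2563 Snarkish Way"]

if __name__ == "__main__":
    tokens = context_tokens(ORG_TERMS)
    # The first two candidates are from the quote; the last two are constructed.
    for candidate in ["MarklarCo2563", "RalKram2563", "M4rkl4r!x", "correct-horse-battery"]:
        hits = audit(candidate, tokens)
        print(f"{candidate:24} {'WEAK ' + str(hits) if hits else 'no context match'}")
```

A check like this needs the plaintext candidate, so it fits a password-change hook or a review of passwords already recovered during an audit.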
