On Tuesday, 5 February 2019 06:48:53 GMT Dale wrote: > Sort of picking a random message to reply to here. Someone sent a reply > off list about checking passwords on my system with tools available. > They also mentioned not trusting strength meters which I can get since > they pass some obvious passwords. I used three meters and some sort of > common sense as well. I found cracklib-check after some digging. I > used that to try to check my password and get this weird response. > > -su: me-supper-secret-password-here;): event not found > > I'm going to try to emulate my password without actually posting it, for > obvious reasons. You all are smart enough to understand why. ROFL It > has some of the following 'stuff' in it. !sdER*ark4567# As you can > tell, I use some of those things on the tops of the number keys. It > seems that confuses cracklib just a bit. BTW, I was running that as > root just to be sure it wasn't a permissions issue. I tried a few > different things but it seems the "!" is triggering that at least, maybe > others too. The command works fine with just normal stuff.
Hmm ... I don't get such problem here, when I run cracklib as a plain user: $ cracklib-check password password: it is based on a dictionary word p4ssw0rd p4ssw0rd: it is based on a dictionary word p477w0rd p477w0rd: OK !sdER*ark4567# !sdER*ark4567#: OK helloworld helloworld: OK reallysecurepassword reallysecurepassword: OK LOL! Could it be something to do with your terminal/shell? I've run the above with bash in a urxvt terminal. > That leads > me to this question. Is there a tool I can use/install that will test a > password, try to crack it if you will, that will work regardless of the > characters used? In other words, it doesn't mind the things on top of > the number keys. > > BTW, I've also whittled it down to something a little easier to type > too. Feel sorry for any poor fool trying to just guess it. lol May > have better luck with P vs NP. ;-) > > Thanks. > > Dale > > :-) :-) I've used app-crypt/johntheripper in the distant past, but you'll need a good word list for it to be useful. Some of the wordlists I had found at the time were too big to download over dial-up! :p -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
