Am 05.02.19 um 10:55 schrieb Mick: > On Tuesday, 5 February 2019 06:48:53 GMT Dale wrote: > >> Sort of picking a random message to reply to here. Someone sent a reply >> off list about checking passwords on my system with tools available. >> They also mentioned not trusting strength meters which I can get since >> they pass some obvious passwords. I used three meters and some sort of >> common sense as well. I found cracklib-check after some digging. I >> used that to try to check my password and get this weird response. >> >> -su: me-supper-secret-password-here;): event not found >> >> I'm going to try to emulate my password without actually posting it, for >> obvious reasons. You all are smart enough to understand why. ROFL It >> has some of the following 'stuff' in it. !sdER*ark4567# As you can >> tell, I use some of those things on the tops of the number keys. It >> seems that confuses cracklib just a bit. BTW, I was running that as >> root just to be sure it wasn't a permissions issue. I tried a few >> different things but it seems the "!" is triggering that at least, maybe >> others too. The command works fine with just normal stuff. > Hmm ... I don't get such problem here, when I run cracklib as a plain user: > > $ cracklib-check > password > password: it is based on a dictionary word > p4ssw0rd > p4ssw0rd: it is based on a dictionary word > p477w0rd > p477w0rd: OK > !sdER*ark4567# > !sdER*ark4567#: OK > helloworld > helloworld: OK > reallysecurepassword > reallysecurepassword: OK > > LOL! > > Could it be something to do with your terminal/shell? I've run the above > with > bash in a urxvt terminal. > > >> That leads >> me to this question. Is there a tool I can use/install that will test a >> password, try to crack it if you will, that will work regardless of the >> characters used? In other words, it doesn't mind the things on top of >> the number keys. >> >> BTW, I've also whittled it down to something a little easier to type >> too. Feel sorry for any poor fool trying to just guess it. lol May >> have better luck with P vs NP. ;-) >> >> Thanks. >> >> Dale >> >> :-) :-) > I've used app-crypt/johntheripper in the distant past, but you'll need a good > word list for it to be useful. Some of the wordlists I had found at the time > were too big to download over dial-up! :p > A good password also has to be memorizable. See:
https://xkcd.com/936/ Mit freundlichen Grüßen, -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein
signature.asc
Description: OpenPGP digital signature
