John the Ripper

Summary

John the Ripper is a password cracker for UNIX, DOS, and Win32 systems. Its purpose is to detect easily guessable and non-existant passwords on user accounts.

URL: http://www.openwall.com/john/

Details

The systems where John is useful:

John can crack the following password ciphers: standard and double-length DES-based, BSDI's extended DES-based, FreeBSD's (and not only) MD5-based, and OpenBSD's Blowfish-based. It can also crack AFS passwords and Win NT LanMan hashes given a command line option.

Password cracking modes:

Wordlist Mode: This is the simplest mode John supports. John checks passwords against a wordlist file and optionally tries permutations of those words.

Single Crack Mode: In this mode, John gets account information on each user and uses pieces of it as passwords to try. For example, suppose the user account "leblanc" is owned by Patrick LeBlanc. John would try Patrick, LeBlanc, PaTrIcK, PaTRicK, and other permutations of information associated with leblanc to crack leblanc's password.

Incremental Mode: Also known as a brute force attack. Given a character set, John will try every combination of those characters up to 8 characters long.

External Mode: John's user can write pseudo-C functions that John uses to generate the words it tries. See the documentation for the details.

Notes

Pros:

• it is as thorough as the user running it wants it to be
  • user can make a custom wordlist file
  • user can specify permutation rules
  • user can write their own list generators
• more options compared to similar password crackers
• patches are available to extend its cracking capabilites

Cons:

• sparse documentation. Some experimentation will be necessary.

Rating: Recommended. A password checker should be a part of any security administrator's toolkit especially on systems without a good password validation mechanism.

Classification

• Static or dynamic: static
• Modified library or instrumenting: N/A
• Testing or production env: production
• Opaque or clear or cloudy view of the system: N/A
• List-based or heuristic: can be both depending on the options
• Conservative or liberal: liberal
• Concurrent or stand-alone: N/A
• Alert or advice: alert

Evaluated by Patrick LeBlanc on 7-17-00