Nuts and bolts John the Ripper

Checking password complexity with John the Ripper

Lock Down

"Easy to remember but difficult to guess" isn't just a catchy phrase for choosing passwords, it's the law of the Net. Learn how to check your password using a tool network intruders use every day: John the Ripper. By Ken Hess

Password policies designed by well-meaning system administrators dictate the required number of characters and the complexity of passwords, but is that enough to protect user accounts from hackers? Users are told to create passwords that are "easy to remember but hard to guess." They're instructed to choose passwords that contain upper- and lowercase letters and include numbers and alternative characters. And, users are discouraged from using the same password for every account. The question is, "Is all that complexity enough to protect you from hackers?" The answer, to further complicate matters, is "Yes" and "No."

"Yes" because complex passwords prevent a hacker from guessing your password either across the network or locally on a system. Random password guesses result in account lockout after a limited number of incorrect attempts. This lockout triggers intruder detection alerts and notifies administrators that something suspicious has happened.

"No" because an intruder who has attained administrative access can use some powerful tools to crack the passwords on your system. The hacker will save a system's password and shadow files to a remote location. This procedure allows the hacker to crack the passwords in the safety and leisure of his own computer lab.

Once the hacker collects a system's password files, he can take advantage of password attack options at his disposal. To decrease the amount of time taken to crack passwords, hackers will first try dictionary word matches.

Most users opt for simple, dictionary-type passwords, which make a hacker's life easy, and the return on investment for checking a password hash file against a password dictionary is very high. A hacker can recover dictionary-based passwords in minutes, whereas a brute force attack can take days.

Brute force is a single-character-at-a-time attack on a password file. With a powerful computer and enough time, no password can escape the hacker's relentless attack. Time is important when cracking passwords because the hacker knows that once the victim discovers the compromise, new security measures and password changes rapidly go into effect.

Strong vs. Weak

System administrators need to audit passwords periodically, not only to make sure they comply with password policies, but to ensure that those that do aren't simple enough to be guessed by an outsider.

For example, if a user chooses to use the password MarklarCo2563, you might conclude that this is a strong password – it is for someone who isn't employed by The Marklar Company at 2563 Snarkish Way. This is a weak password because it's easily guessed by a hacker attempting to break into The Marklar Company. Similarly, users also wouldn't want to select a password by simply reversing the company name to RalKram2563.

Hackers are too smart for such low-level trickery as using company name permutations for passwords. As one of their first passes at cracking a password hash, they'll use a regular expression attack with the name of the company.

One tool that hackers use to crack recovered password hash files from compromised systems is John the Ripper (John). John is a free tool from Openwall [1]. System administrators should use John to perform internal password audits. It's a small (<1MB) and simple-to-use password-cracking utility.

Using John the Ripper

To get started, you can download and install John from your Linux repository, compile and install from source, or, for Windows, download and install from Openwall's website.

John the Ripper is a command-line utility that does not require administrative or root privileges to run against a password hash file. However, you will need administrative privileges to obtain password hash files from your systems.

Before you begin attempting password cracks, you should check the efficiency of John on your system by running it in test mode (Listing 1). The report tells you how many username/password combinations per second (c/s) your system will theoretically run for each password hash encryption type.

Listing 1: John the Ripper in Test Mode

01 $ john -test
02 Benchmarking: Traditional DES [64/64 BS]... DONE
03 Many salts:     1300K c/s real, 1300K c/s virtual
04 Only one salt:  1169K c/s real, 1169K c/s virtual
05
06 Benchmarking: BSDI DES (x725) [64/64 BS]... DONE
07 Many salts:     45898 c/s real, 45898 c/s virtual
08 Only one salt:  45108 c/s real, 45186 c/s virtual
09
10 Benchmarking: FreeBSD MD5 [32/64 X2]... DONE
11 Raw:    10995 c/s real, 10995 c/s virtual
12
13 Benchmarking: OpenBSD Blowfish (x32) [32/64 X2]... DONE
14 Raw:    723 c/s real, 723 c/s virtual
15
16 Benchmarking: Kerberos AFS DES [48/64 4K]... DONE
17 Short:  378501 c/s real, 378501 c/s virtual
18 Long:   1063K c/s real, 1063K c/s virtual
19
20 Benchmarking: LM DES [64/64 BS]... DONE
21 Raw:    8214K c/s real, 8214K c/s virtual
22
23 Benchmarking: NT MD4 [Generic 1x]... DONE
24 Raw:    10635K c/s real, 10635K c/s virtual
25
26 Benchmarking: Eggdrop [blowfish]... DONE
27 Raw:    23744 c/s real, 23744 c/s virtual
28
29 Benchmarking: M$ Cache Hash [Generic 1x]... DONE
30 Many salts:     16035K c/s real, 16035K c/s virtual
31 Only one salt:  6089K c/s real, 6089K c/s virtual
32
33 Benchmarking: LM C/R DES [netlm]... DONE
34 Many salts:     480447 c/s real, 480998 c/s virtual
35 Only one salt:  470213 c/s real, 470213 c/s virtual
36
37 Benchmarking: NTLMv1 C/R MD4 DES [netntlm]... DONE
38 Many salts:     680893 c/s real, 680893 c/s virtual
39 Only one salt:  638402 c/s real, 638402 c/s virtual
40
41 Benchmarking: More Secure Internet Password [RSA MD defined by BSAFE 1.x - Lotus v6]... DONE
42 Many salts:     64806 c/s real, 64806 c/s virtual
43 Only one salt:  38381 c/s real, 38381 c/s virtual
44
45 Benchmarking: Lotus5 [Lotus v5 Proprietary]... DONE
46 Raw:    130745 c/s real, 130745 c/s virtual
47
48 Benchmarking: Raw MD5 [raw-md5]... DONE
49 Raw:    5455K c/s real, 5455K c/s virtual
50
51 Benchmarking: Raw SHA-1 [raw-sha1]... DONE
52 Raw:    3749K c/s real, 3753K c/s virtual
53
54 Benchmarking: IPB2 MD5 [Invision Power Board 2.x salted MD5]... DONE
55 Many salts:     2933K c/s real, 2933K c/s virtual
56 Only one salt:  1733K c/s real, 1733K c/s virtual
57
58 Benchmarking: Netscape LDAP SHA [SHA-1]... DONE
59 Raw:    3667K c/s real, 3667K c/s virtual
60
61 Benchmarking: OpenLDAP SSHA [salted SHA-1]... DONE
62 Many salts:     3720K c/s real, 3720K c/s virtual
63 Only one salt:  3416K c/s real, 3416K c/s virtual
64
65 Benchmarking: HTTP Digest access authentication [HDAA-MD5]... DONE
66 Many salts:     1419K c/s real, 1419K c/s virtual
67 Only one salt:  1377K c/s real, 1377K c/s virtual

On Linux systems that use shadow passwords, do the following to create a combined password hash file from your system's passwd and shadow files:

$ sudo john unshadow /etc/passwd /etc/shadow > passfile.txt

The passfile contains username:encrypted password pairs:

root:$1$gb9R8hhhcES983e
khess:$50anHnciUcp02u82

Once you have created the password hash file, you then can direct John to launch one of several different "modes" against your password hashes. The first mode is a quick crack attempt using the supplied password list file, password.lst. This list contains more than 3,000 commonly used passwords (Listing 2).

Listing 2: Cracking with the Password List File

01 $ john -wordlist:password.lst passfile.txt
02 Loaded 2 passwords with 2 different salts (FreeBSD MD5 [32/64])
03 admin            (root)
04 t-bone           (khess)
05 guesses: 2  time: 0:00:00:00 100%  c/s: 4408  trying: t-bone

This dictionary-based attack took less than one second to extract the root password (admin) and my user password (t-bone) from the password hash file. The password dictionary file used is the standard password.lst file that is packaged with John, but many more exist. A skilled hacker will use a huge password dictionary file containing thousands of possible passwords or use more than one password dictionary file to attempt an easy grab before resorting to a brute force attack.

The next fastest mode is to use the single-crack mode. This mode uses a simple rules-based algorithm and a small word list (Listing 3).

Listing 3: Cracking in Single-Crack Mode

01 $ john -single passfile.txt
02 Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/64 X2])
03 guesses: 0  time: 0:00:00:01 100%  c/s: 9433  trying: hken1900

Finally, the brute force attack might be your only refuge if passwords are more complex. The sub-modes allow you to specify which type of algorithms to use for the attack. Your choices are:

alpha – Letters only.
digits – Numbers only.
lanman – Letters, numbers, and some special characters.
all – All possible characters.

You can check on John's progress during a crack attempt by pressing the spacebar to view the elapsed time, combinations per second, and most recent combinations.

Listing 4 is a brute force incremental attack that shows three checks during an ongoing crack session. At the time of these checks, the crack session had run for more than one full day. The two passwords the system is attempting to crack are:

root:Hoobastank
khess:R@scal
You can see that at more than 10,000 c/s, these passwords aren't easily cracked by brute force.

Listing 4: Cracking the Brute Force Way

01 $ john -incremental:lanman passfile.txt
02 Loaded 2 passwords with 2 different salts (FreeBSD MD5 [32/64])
03 guesses: 0  time: 1:04:04:08 (3)  c/s: 10927  trying: gmugoky - gmugok2
04 guesses: 0  time: 1:09:25:10 (3)  c/s: 10929  trying: SAgof2 - SAgofs
05 guesses: 0  time: 1:10:21:23 (3)  c/s: 10930  trying: topoua b - topoua f

Conclusions

Eventually, any password can be cracked. Your job is to make it so difficult for the hacker that he gives up and moves on to easier prey. He won't enjoy tying up resources for more than a few hours. Using very strong passwords buys you the time necessary to secure your systems, plug the hacker-exploited security hole(s), and force a password change in your environment.

As a system administrator, you must educate users on how to create good passwords and educate your management on establishing and enforcing password policies according to the following guidelines. Passwords must:

contain at least 10 characters,
use mixed-case letters,
use numbers,
use special characters, and
not use dictionary words unless they are part of a passphrase.

A great example of a passphrase is:

Stopping.by.the.w00ds.on.@.snowy.even1ng

Passphrases that are sufficiently long and that include special characters and numbers are very difficult to crack. Your prime directive as a system administrator is to protect your systems. Very strong passwords are but one method to that end. Although you can't stop passwords from being cracked, you can make the process very slow and unpleasant for the hacker when he returns to take further advantage of your compromised system. Strong passwords might be a pain for users, but they will be even more painful for hackers who want to steal data and wreak havoc on your systems. Don't make it easy for them.