[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: identifying weak passwords



Thanks you very much.
My passwords are SSHA encoded so I compiled a patched JtR.
Just for the record, I first used ldapsearch to export the
userid:userPassword tuples in a file and was trapped by
the base64 encoding of SSHA passwords.
Using the Net::LDAP perl module to generate this file works great.

Regards,
Thierry.

On Wednesday 06 December 2006 15:25, Cleber P. de Souza wrote:
> Another option is export you ldap user password on the form
> userid:userPassword for a file and use John the Ripper to try crack
> them.
> Weaks passwords are shown on few minutes.
> If your password is on SSHA format, you'll need apply a patch on the JtR.
>
> On 12/4/06, Thierry Lacoste <lacoste@univ-paris12.fr> wrote:
> > I'm running OpenLDAP 2.3.24 on a production server.
> > As I was in a hurry and discovering LDAP when I installed it,
> > I didn't enforce any password policy.
> >
> > Now I would like to identify weak passwords to warn their
> > users. What are my options?
> >
> > Best regards,
> > Thierry.