Professional Documents
Culture Documents
ISS
PROJECT
Kshitij Gupta : 2021IMT-056
Pranav Pawar : 2021IMT-074
Neeraj Nagure : 2021IMT-067
2. Features
3. Use Cases
4. Counter Measures
6. Implementation
INTRODUCTION
What is John the Ripper?
Password Cracking: John the Ripper can crack password hashes using
various techniques.
It supports a range of hashing algorithms like MD5, SHA-1, and more.
Customizable: Users can configure it for specific cracking scenarios.
Performance: Known for its speed and efficiency.
System Compatibility -
various salted hash types. For example, if you have salted SHA-256 hashes,
John the Ripper will use the appropriate format to handle them.
Research and Development: Researchers and security experts can use John the
Ripper to study and analyze password security, as well as to develop and test
new password-cracking techniques and defenses.
Penetration Testing: Ethical hackers and penetration testers use John the
Ripper to test the security of systems and networks by attempting to crack
passwords. This helps identify potential vulnerabilities and weak points in the
security infrastructure.
Uses
Password Recovery: John the Ripper can be used to recover lost or forgotten
passwords, such as when someone needs to regain access to their own account
or data.
Security Training and Education: John the Ripper can be used as a teaching
tool in security training and education to demonstrate password security
concepts, the effectiveness of strong passwords, and the techniques used by
attackers.
COUNTER MEASURES Strong Password Policies
Complexity: Promote complex, non-dictionary-based passwords.
Length: Encourage longer passwords (at least 12 characters).
Hashing Algorithms
Use Strong Algorithms: Choose bcrypt, scrypt, or PBKDF2 over weaker
ones like MD5 or SHA-1.
Slow Hashing: Slow down the hashing process to deter cracking attempts.
Whole disk encryption can prevent an intruder from accessing the OS and
passwords stored on the system.
Versatility: John the Ripper is known for its versatility and the wide range of
password hashes and encryption algorithms ( SHA ,MD5 ,Bcrypt ,etc) it can
Advantages of JTR
crack. Moreover it can crack hashes for a variety of files types such as .zip,. rar,
.pdf , office files and many more.
From the initial days of Unix, passwords were stored in a file called as
/etc/password. And a major loophole in this single file, is that the file is
world readable. Which means any user in the system can read that file
User password in Linux