Re: Password policy.




peter@xxxxxxxxxxx wrote: 
> *	From: Gene Heskett <gheskett@xxxxxxxxxxx>
> *	Date: Tue, 13 Nov 2018 12:49:17 -0500
> > "John the ripper" can find a 6 char word in a couple seconds on a slow 
> > machine.
> 
> We refer to two completely different processes or I completely miss 
> the point. After an incorrect password is submitted, the 
> authentication process waits a few seconds before allowing another 
> try.  Therefore if "John the ripper" is to succeed in two seconds, the
> correct pw must be submitted on the first try.  That might happen once 
> in an astronomical number of different authentications but not 
> frequently.  ... Unless magic is involved.  (?)

No magic. The login process has delays built into it. John The
Ripper does its own comparison against the value of the hash
stored in /etc/shadow, not actually invoking login.

-dsr-
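
The distinction drawn in this reply, as an added example that is not part of the original thread: once the hash from /etc/shadow can be read, the login delay no longer limits guessing, and the only brake left is the hash scheme recorded in the entry itself. The sketch below audits shadow-format lines for that scheme; the sample lines, the 3-second delay and the helper names are constructed assumptions.

```python
import re

# crypt(3) id prefix -> (scheme name, whether its cost is tunable)
SCHEMES = {
    "1": ("md5crypt", False),            # fixed cost, declared obsolete by its author
    "5": ("sha256crypt", True),
    "6": ("sha512crypt", True),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "y": ("yescrypt", True),
}
SHA_CRYPT_DEFAULT_ROUNDS = 5000          # used when no rounds= field is present

def classify(line):
    """Return (user, scheme, rounds) for one /etc/shadow-format line."""
    user, field = line.split(":")[:2]
    if field == "" or field[0] in "!*":
        return user, "no usable hash", None      # empty, locked or disabled
    if not field.startswith("$"):
        return user, "legacy DES-style crypt", None
    parts = field.split("$")                     # ['', id, params-or-salt, ...]
    name, _tunable = SCHEMES.get(parts[1], ("unknown", False))
    m = re.fullmatch(r"rounds=(\d+)", parts[2]) if len(parts) > 2 else None
    if m:
        return user, name, int(m.group(1))
    if name in ("sha256crypt", "sha512crypt"):
        return user, name, SHA_CRYPT_DEFAULT_ROUNDS
    return user, name, None

def needs_rehash(line):
    """True when the stored hash uses a scheme with a fixed, low cost."""
    return classify(line)[1] in ("md5crypt", "legacy DES-style crypt")

def exhaust_seconds(alphabet, length, seconds_per_guess):
    """Worst-case time to try every password of one length at a given pace."""
    return alphabet ** length * seconds_per_guess

# Constructed sample entries; hash bodies are placeholders, not real hashes.
SAMPLE = [
    "alice:$6$rounds=100000$saltsalt$HASHPLACEHOLDER:17848:0:99999:7:::",
    "bob:$1$saltsalt$HASHPLACEHOLDER:17848:0:99999:7:::",
    "carol:$6$saltsalt$HASHPLACEHOLDER:17848:0:99999:7:::",
    "daemon:*:17848:0:99999:7:::",
    "legacy:abXXXXXXXXXXX:17848:0:99999:7:::",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry), "REHASH" if needs_rehash(entry) else "ok")
    # Through login with an assumed 3 s delay per wrong try, six lowercase
    # letters take decades to exhaust; that delay never applies offline.
    print(exhaust_seconds(26, 6, 3) / (365 * 24 * 3600), "years via login")
```

The audit reads only the scheme prefix and the rounds parameter, so it can be run on a copy of the file with the hash bodies redacted.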