Web lists-archives.com

Re: Password policy.




	Hi.

On Tue, Nov 13, 2018 at 04:47:39PM -0500, Gene Heskett wrote:
> On Tuesday 13 November 2018 14:01:51 Reco wrote:
> 
> > On Tue, Nov 13, 2018 at 12:49:17PM -0500, Gene Heskett wrote:
> > > On Tuesday 13 November 2018 11:23:13 peter@xxxxxxxxxxx wrote:
> > > > Hi,
> > > >
> > > > https://www.debian.org/doc/manuals/debian-reference/ch04.en.html#_
> > > >good _password specifies "6 to 8 characters".  Is that adequate
> > > > against currently available brute force?
> > > >
> > > > Thanks,                                  ... Peter E.
> > >
> > > "John the ripper" can find a 6 char word in a couple seconds on a
> > > slow machine.
> >
> > Against sha512? Or against old Unix crypt? There's a difference, and
> > it's measured in orders of magnitude, not times.
> >
> > Reco
> 
> I don't recall as it been a decade or more since I saw that article

So it's either crypt or md5. Debian moved away from both long time ago.
John's too slow for today's hashes as it only utilizes CPU.
If you really need to bruteforce that password you use hashcat - GPU
based.

Reco