People should be really careful with their passwords. Because passwords are created for a reason. To make computers and systems secure so people cannot just waltz into computer systems and compromise the users’ personal privacy and financial transactions. Passwords need to be secure and complicated to make it difficult for hackers to crack. Make them sweat, make them actually work for their money even if they’re armed with powerful password crackers like Hydra and John the Ripper.
What is John the Ripper?
John the Ripper as mentioned is a password cracking tool initially designed for Unix systems but is now an open-source, multi-platform password security auditing and password recovery tool. As an audit tool, it can determine if users are using weak passwords. Because humans by nature don’t like complicated, and simple passwords are a big security risk. Also, let’s face it. These tools are a double-edged sword used by both cybersecurity professionals to secure and black hat cyber-criminals to crack passwords with.
John the Ripper is an open-source tool maintained by the OpenWall Project. John the Ripper has two types. The free open-source version and the premium feature-rich John the Ripper Pro. John the Ripper remains popular for its ability to crack hashed passwords. The tool cracks passwords through dictionary attacks using specified wordlists, as well as by via brute force technique. The tool is popular for being free, effective, and easy to use.
History of John the Ripper
John the Ripper is the follow-up to the popular DOS-based password cracking tool Cracker Jack in the mid-90s. John the Ripper was developed by a developer named Alexander as the answer to Cracker Jack being unmaintained for years and was not optimized for the new x86 CPUs. John the Ripper was released in 1996 optimized for the Intel 80486 processor and later the original Pentium. Unlike Cracker Jack, John the Ripper was made open source by 1997 and found its way into more Unix-like systems but has been available for Unix soon after first release. Much of the code was re-written and optimized in 1998 at version 1.5. Current stable release was last April 2019 at version 1.9.
As mentioned, John the Ripper is a multi-platform tool available for Unix, Linux, MacOS, and Windows. It can crack passwords for systems, web apps, archive files, PDFs and protected Microsoft Office files. John the Ripper can be used to decipher the hashed accounts and passwords of hacked systems that come in the form of file dumps sold or spread by hackers. Other hackers in turn decipher these dumps and make use of them to get into their target systems.
Dictionary Attack or Wordlist Mode
Account hashes can come in various formats and John the Ripper can intelligently determine them, or the user can instruct the program on which hash format to use. Now the program does not really guess the password itself from the hashes, John hashes pre-listed passwords that come from wordlists and compares them with those hashes. The pre-listed passwords or wordlist can be defined by the hacker or taken from leaked data dumps from breaches.
Brute Force Attack or Incremental Mode
John the Ripper can also be configured to work in Incremental mode where it will try to guess a file or system password using a configuration specifying certain word-character-symbol combinations which would require some expertise to be effective and less time-consuming (as it is a time-consuming process).
Is similar to a dictionary attack wherein a list of leaked hashed accounts is compared against another pre-pre-hashed set of leaked passwords, which results in a faster process compared to brute force.
Conclusion So, in cases like these, it does help to have complicated passwords as it takes time for hackers to crack them even if they have their own password lists. But if your passwords are taken from breached websites, especially ones that keep those passwords in plain text, the real solution is to change your passwords regularly. An unfortunately difficult task if you’re forced to create complicated ones.