John the Ripper was originally developed for Unix operating systems but is now available for several operating systems (“John the Ripper password cracker”) and is mostly written in C (“Openwall - John the Ripper”).

John was developed by Alexander Peslyak, also known as Solar Designer, who is a Russian security expert and open source software designer. He is the Founder and Chief Technology Officer at Openwall and has been working in the field of cybersecurity since 1997 (Solar, “Alexander Peslyak’s Bio”). John is part of Openwall, which is a source for various open source security software. Openwall publishes articles, and provides presentations and other professional services including remote information security consulting and source code reviews for vulnerabilities (“Openwall services”). As mentioned in a previous section, Openwall also maintains wordlist collections that can be used with John the Ripper and other password cracking tools (“Openwall wordlists collection”). John is available in different versions including a pro version, an official free version and a community enhanced version. For this paper I downloaded the John the Ripper 1.7.9 Windows binaries (“John the Ripper Password Cracker”).

Graphical user interface

John can be used with a command line interface or a Graphical user interface (GUI). A GUI named Johnny was developed for the use of John the Ripper. Johnny runs on all major desktop platforms. It allows the user to operate John the Ripper’s attack modes in an interface that is simple to use.

Johnny is an open source GUI designed by Shinnok and implemented by Aleksey Cherepanov as part of GSoC 2012 (Google Summer of Code). The development started as part of the Summer of Security 2011. Johnny was improved by Mathieu Laprise as part of GSoC 2015. The goal of Johnny is to automate and simplify password cracking using John the Ripper. Johnny adds improved hash and password workflow, multiple attacks and session management, visual feedback, and more. Johnny further allows the user to manually guess passwords by using the guess function (Aleksey).
Use

John supports a variety of different hash types that are used for password hashing. Hashing differs from regular encryption in that it is not reversible. It takes a readable file or password and converts it into a hash value. When a password is entered, a hash value is created and compared to the password hash stored in the password file. If the two hashes match, the validity of the password is verified (Greenberg). The hash types supported by John include traditional DES-based, MD5 format, BSDI crypt, Big crypt, bcrypt, LanMan and others (Solar, “Sample Password Hash Encoding Strings”). John supports different cracking modes, including single crack mode, incremental mode, external mode, wordlist mode, and a default cracking mode.
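The store-and-compare check described above, as an added example that is not part of this paper and not John’s code. It models a password file with a salted, iterated hash per account (PBKDF2-HMAC-SHA256 from the Python standard library; the “salt$hash” record layout is an assumption made for the example) and shows that verification never reverses the hash: it recomputes the hash of the typed password with the stored salt and compares the two values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example: iteration count and record layout are our own choices,
# not a real password-file format.
ITERATIONS = 100_000


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return a 'salt_hex$hash_hex' record; a fresh random salt unless one is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Hash the typed password with the stored salt and compare in constant time."""
    salt_hex, stored_hex = record.split("$", 1)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(digest.hex(), stored_hex)


def demo() -> dict:
    """Exercise the check on a constructed password and return the observations."""
    record = make_record("correct horse")
    again = make_record("correct horse")  # same password, different random salt
    fixed = b"\x00" * 16                  # constructed fixed salt, only for the demo
    return {
        "accepts_right_password": verify("correct horse", record),
        "rejects_wrong_password": verify("correct horse!", record),
        # Salting makes equal passwords produce different stored hashes, so one
        # cracked hash does not reveal every account using that password.
        "same_password_different_hash": record.split("$")[1] != again.split("$")[1],
        # With the same salt the hash is deterministic, which is what makes the
        # comparison possible in the first place.
        "fixed_salt_is_deterministic": make_record("x", fixed) == make_record("x", fixed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A cracker such as John does exactly what `verify` does, but for millions of guessed passwords: it hashes each guess and looks for a match, which is why the cost of the hash function and the presence of a salt matter so much for defenders.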
Those modes can be easily selected using the Johnny GUI or can be manually specified using the command line interface. Both the GUI and the command prompt interface support almost all the same functions. When using wordlist mode, the user can specify a wordlist, which contains one word per line and consists of a list of common passwords. Over the past years, systems have been cracked and the passwords of millions of users have been captured and stored. Using those lists improves the chances of successfully cracking a password. The user can also enable word mangling rules, which modify words to produce other likely passwords. Wordlists are often sorted with the most likely candidate passwords at the top, or alphabetically. Sorting wordlists alphabetically allows John to run slightly faster due to the similarity between consecutive words. Single crack mode uses login names, users’ home directory names, and GECOS fields as possible passwords. GECOS fields are entries in the /etc/passwd file that contain information about the user account. Single crack mode is faster than wordlist mode and it can use a larger set of word mangling rules to create more possible passwords. Running many password files simultaneously may sometimes get more passwords cracked than running individual password files separately, because more hashes can be compared simultaneously (“John the Ripper – Cracking Modes”).
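To make wordlist mode with mangling rules concrete, here is an added example (not code from this paper or from John, whose rules are written in its own rule language in john.conf) that an administrator could run against their own accounts to find passwords reachable from a short wordlist. It uses unsalted MD5 as a stand-in hash and a few hand-written rules; the wordlist, the account names and the hashes are all constructed for the example.

```python
import hashlib
from typing import Callable, Dict, Iterable, Iterator, List, Tuple


def md5_hex(text: str) -> str:
    """Unsalted MD5 stand-in for a password hash (constructed for the example)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Hand-written mangling rules: each turns one wordlist entry into one candidate.
# These lambdas only model the idea of John's rules, not its syntax.
RULES: List[Tuple[str, Callable[[str], str]]] = [
    ("as-is", lambda w: w),
    ("capitalize", lambda w: w.capitalize()),
    ("append 1", lambda w: w + "1"),
    ("capitalize + 123", lambda w: w.capitalize() + "123"),
    ("leet a/e/o", lambda w: w.replace("a", "@").replace("e", "3").replace("o", "0")),
    ("append !", lambda w: w + "!"),
]


def candidates(wordlist: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (rule name, candidate) for every word and rule, like wordlist mode with rules."""
    for word in wordlist:
        for name, rule in RULES:
            yield name, rule(word)


def audit(hashes: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, Tuple[str, str]]:
    """Map each account whose hash is reached to (password, rule that produced it).

    Every candidate is hashed once and looked up against all hashes at the same
    time, which is why the paper notes that loading more hashes into one run
    costs little extra.
    """
    by_hash: Dict[str, List[str]] = {}
    for user, h in hashes.items():
        by_hash.setdefault(h, []).append(user)   # two accounts may share a hash
    found: Dict[str, Tuple[str, str]] = {}
    for rule_name, cand in candidates(wordlist):
        for user in by_hash.get(md5_hex(cand), []):
            if user not in found:
                found[user] = (cand, rule_name)
        if len(found) == len(hashes):
            break
    return found


# Constructed password file: account -> hash. No real accounts or real data.
SAMPLE_HASHES = {
    "alice": md5_hex("password"),
    "bob": md5_hex("Summer123"),
    "carol": md5_hex("m0nk3y"),
    "dave": md5_hex("Ih1Da2C"),   # the passphrase-derived password from the paper
}
# Constructed five-entry wordlist, one word per line as in John's password.lst.
SAMPLE_WORDLIST = ["password", "summer", "monkey", "dragon", "letmein"]


if __name__ == "__main__":
    result = audit(SAMPLE_HASHES, SAMPLE_WORDLIST)
    for user in SAMPLE_HASHES:
        if user in result:
            password, rule = result[user]
            print(f"{user}: reachable by rule '{rule}' -> {password}")
        else:
            print(f"{user}: not reached by this wordlist and rule set")
```

The three accounts built from a dictionary word fall to the first matching rule; the passphrase-derived password is never produced, because no rule turns a dictionary word into it. The same logic, with John’s far larger rule sets and wordlists, is what a real audit run looks like.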
Incremental mode is the most powerful mode. It can try all possible character combinations as passwords. Incremental mode requires specific definitions for the mode’s parameters, including password length limits and charset. A user can either use a pre-defined incremental mode or define a custom one. There are several pre-defined incremental modes, including “ASCII” (all 95 printable ASCII characters) and “LM_ASCII” for use on LM hashes (“John the Ripper – Cracking Modes”). An external cracking mode can be defined to be used with John the Ripper. External mode is the most flexible because the user can define his own code to generate possible passwords (“John the Ripper – Cracking Modes”). Mask mode is a way to produce possible passwords given a “mask” that describes what the words should look like. Markov mode creates word-like strings based on an algorithm that uses rules such as the likelihood of certain characters following other characters.

There are different pages that can be used to create password hashes. I used the page http://sherylcanter.com/encrypt.php, which lets the user create DES hashes and MD5 hashes for a password. To demonstrate how to use John, I created a password file called “password.txt”, in which I copied and pasted several password hashes. When using the command prompt, there are several options on how to use John. Typing “john” will give the user a list of all the options and functions that John provides. John’s default cracking mode, using the command “john password.txt”, will use “single crack” mode, then use a wordlist and then “incremental” mode. John has a default wordlist called “password.lst”. Cracking modes, wordlists, and password files can all be specified using the command prompt. John also lets the user check the status of a running session and continue interrupted sessions.
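The incremental and mask modes described above both walk a keyspace, and the size of that keyspace is what decides whether “all possible character combinations” is feasible. The following is an added example, not part of this paper or of John, that counts the candidates for a charset and length range (incremental mode) or for a mask (using ?l/?u/?d/?s/?a placeholders, whose class sizes are an assumption made here) and turns the count into time at an assumed hash rate. It also answers the defender’s question of how long a password must be before exhaustive search at that rate takes longer than a given number of years.

```python
from typing import Dict

SECONDS_PER_YEAR = 365 * 24 * 3600

# Character class sizes. "ascii" is the 95 printable ASCII characters that the
# paper's "ASCII" incremental mode uses; the others are subsets of it.
CHARSETS: Dict[str, int] = {"digits": 10, "lower": 26, "alnum": 62, "ascii": 95}

# Mask placeholders in the ?l/?u/?d/?s/?a style. The sizes are assumptions for
# this example: 33 counts the printable ASCII symbols including space.
MASK_CLASSES: Dict[str, int] = {"?l": 26, "?u": 26, "?d": 10, "?s": 33, "?a": 95}


def incremental_keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Number of strings of length min_len..max_len over charset_size symbols."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def mask_keyspace(mask: str) -> int:
    """Candidates for a mask such as '?u?l?l?l?d?d'; a literal character counts as one."""
    total = 1
    i = 0
    while i < len(mask):
        token = mask[i:i + 2]
        if token in MASK_CLASSES:
            total *= MASK_CLASSES[token]
            i += 2
        else:            # literal character: exactly one possibility
            i += 1
    return total


def seconds_to_exhaust(keyspace: int, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return keyspace / hashes_per_second


def min_length_to_outlast(charset_size: int, hashes_per_second: float, years: float) -> int:
    """Smallest max_len for which trying all lengths 1..max_len takes longer than `years`."""
    budget = hashes_per_second * years * SECONDS_PER_YEAR
    n = 1
    while incremental_keyspace(charset_size, 1, n) <= budget:
        n += 1
    return n


if __name__ == "__main__":
    rate = 1e9   # assumed rate, hashes per second, chosen only for the illustration
    for name, size in CHARSETS.items():
        space = incremental_keyspace(size, 1, 8)
        print(f"{name:>6}, lengths 1-8: {space:.3e} candidates, "
              f"{seconds_to_exhaust(space, rate) / 3600:.1f} hours at {rate:.0e}/s")
    print("mask ?u?l?l?l?d?d:", mask_keyspace("?u?l?l?l?d?d"), "candidates")
    print("printable ASCII length needed to outlast one year:",
          min_length_to_outlast(95, rate, 1.0))
```

The mask line is the interesting one for defenders: a “complex” pattern such as one capital, three lowercase letters and two digits has under fifty million candidates, far fewer than the 95^6 that a blind incremental run of the same length would need, which is why predictable structure weakens a password more than its character classes suggest.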
When a password file contains several different types of hashes, the user can specify specific formats in the command prompt. One example is “john --format=descrypt password.txt” to crack the passwords using DES crypt. When passwords are cracked they are stored in “$JOHN/john.pot”. To display the content of the pot file we use the command “john --show password.txt” in the command window (“John the Ripper - Usage Examples”).

What I learned

During my research I learned that password cracking is a long and CPU-intensive process.
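The pot file and “--show” step above can be modelled in a few lines. The following is an added example, not code from this paper or from John: it parses john.pot lines of the form hash:plaintext and joins them back to a password file the way “john --show” does, keeping the account’s other fields and counting what was cracked. The password file, the pot contents and the hash strings are constructed placeholders, not real DES crypt output, and the “?” shown for a line with no login name is an assumption of this model.

```python
from typing import Dict, List, Tuple


def parse_pot(pot_text: str) -> Dict[str, str]:
    """Read john.pot lines of the form 'hash:plaintext' into {hash: plaintext}.

    Split on the first ':' only: a descrypt hash never contains ':', but a
    recovered plaintext may.
    """
    cracked: Dict[str, str] = {}
    for line in pot_text.splitlines():
        if ":" not in line:
            continue
        h, plain = line.split(":", 1)
        cracked[h] = plain
    return cracked


def show(password_file: str, pot: Dict[str, str]) -> Tuple[List[str], int, int]:
    """Model of 'john --show': return (output lines, cracked count, remaining count).

    Each password-file line is 'login:hash:other fields...' or a bare hash.
    Cracked lines are printed with the hash replaced by the plaintext and the
    other fields kept; lines whose hash is not in the pot are only counted.
    """
    out: List[str] = []
    cracked = left = 0
    for line in password_file.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) == 1:                 # bare hash pasted without a login
            login, h, rest = "?", fields[0], []   # '?' as login is this model's assumption
        else:
            login, h, rest = fields[0], fields[1], fields[2:]
        if h in pot:
            cracked += 1
            out.append(":".join([login, pot[h]] + rest))
        else:
            left += 1
    return out, cracked, left


# Constructed password file in passwd layout; hash strings are placeholders.
SAMPLE_PASSWORD_FILE = """\
alice:HASH_alice_PLACEHOLDER:1001:1001:Alice Example:/home/alice:/bin/sh
bob:HASH_bob_PLACEHOLDER:1002:1002:Bob Example:/home/bob:/bin/sh
HASH_nologin_PLACEHOLDER
"""

# Constructed john.pot: one line per cracked hash; the second plaintext
# contains a ':' to show why the split must stop at the first separator.
SAMPLE_POT = """\
HASH_alice_PLACEHOLDER:password
HASH_nologin_PLACEHOLDER:Summer:2016
"""


if __name__ == "__main__":
    lines, n_cracked, n_left = show(SAMPLE_PASSWORD_FILE, parse_pot(SAMPLE_POT))
    for line in lines:
        print(line)
    print(f"{n_cracked} password hashes cracked, {n_left} left")
```

For a defender the pot file is the audit record: the same join tells you which accounts need a forced password change, and the login-to-field mapping shown here is the reason to keep the original password file around until that is done.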
When running John the Ripper, my CPU activity increased to about 89%-100%. It takes a lot of processing power to crack a complex password. Cracking a password can take hours or days depending on the processing power of the user’s computer. Furthermore, tools like John the Ripper are relatively easy to figure out and use, which allows ordinary people, who do not necessarily have any hacking skills, to take advantage of such tools.

Recommendations

People oftentimes think their passwords are unique and therefore safe. However, common patterns are often used when creating a password. Those common patterns include the use of family names, birthdays or pet names. Developers of password cracking tools are aware of such patterns and adjust their password cracking tools accordingly. Wordlists, for example, contain commonly used passwords. Having a strong password that is unique and complex is important. To make it more difficult for a tool to crack a password, some rules can be followed that enhance the strength of a password. It is important to remember that a password should be difficult to crack but at the same time easy to remember for the user. The length of a password and the use of upper case letters, lower case letters, numbers and special characters play an important role. Furthermore, it is recommended to use password phrases rather than words, to further enhance the strength of a password. A password phrase could be as simple as “I have 1 Dog and 2 Cats”, which would create the password “Ih1Da2C”. Password phrases are more difficult to crack since the letters are in a random order and do not form the common words found in wordlists. Furthermore, password phrases are still somewhat easy to remember (Goldberg, “Toward Better Master Passwords”).

Conclusion

Password cracking does not always take a professional or skilled hacker. Tools like John the Ripper provide an easy-to-use password cracking interface that can be used by amateur hackers or ordinary people. Password cracking tools are becoming more and more powerful, and the developers of those tools know which common passwords are used. However, as password users we can protect our data and information by applying some rules to make our passwords stronger. A more complex password might still be cracked, but it will take more time and skill to do so.