The most common password type used is pure alphanumeric lowercase.
#WORDLIST JOHN THE RIPPER CRACKED#
The same 8-character password consisting of lowercase letters (a-z) is slightly more time-consuming, as there are 26 characters to use, and 217 billion (217,180,147,158) combinations….but it would still be cracked by the same computer in under 7 hours.Īs you can see, these password types are very insecure, hence the reason that most companies will prevent usage of these password types nowadays. That might sound like a lot, but it would typically take John the Ripper around 12 seconds to crack on a reasonably fast 3.4GHz Intel Core i7-2600 home computer. If you didn’t already know, it’s a very bad idea to use a password that is purely consistent of letters or numbers as they can very quickly be brute-forced owing to the relatively small number of combinations involved.įor example, an 8-character numeric password (consisting of values 0-9) has over 111 million (111,111,110 to be precise) password combinations. $) including upper-case and lower-case lettersĨ1% of password were pure lowercase alphanumeric Out of the 34,000 users who were hacked:ġ.3% of passwords consisted of numbers onlyĩ.6% consisted of lower-case letters onlyĨ.3% of passwords contained “non-alphanumeric” symbols or characters (e.g. Deeper analysis of this particular attack provided insight on the characteristics of common passwords used today. Somewhere in the region of 34,000 Myspace users had their passwords and usernames stolen.
In 2006, a password phishing scam was conducted on Myspace users. Some secure systems actually insist upon this. What exactly do I mean by mutate? Well for a start, a lot of people using a combination of numbers and letters to form their password. So at this stage you should have a word list text file using something like cewl, and are now ready to mutate the word list. I won’t be covering everything on John on this page, as I’d like to focus specifically on password mutating, following on from a previous page written on “spidering” webpages to extract unique words to be used for password cracking. It was developed by Alexander Peslyak who is behind the Openwall project. John the Ripper is an incredible tool for cracking passwords.