[joomla] Test your passwords
Gary Mort
garyamort at gmail.com
Fri Jul 6 14:38:21 EDT 2012
Think your Joomla! password is secure? Here is a simple test[assuming it
is under 15 charectors long]
Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for your
operating system.
To check just YOUR password, run the gui , use either plus or lite, and
enter your password hash[from the database] in the field. Select the
Joomla hash type - and then go ahead and run the cracker. See how long it
takes to figure out your password.
If your using a dictionary method, you'll need one or more wordlists, you
can get some dictionaries from
http://www.skullsecurity.org/wiki/index.php/Passwords
If you have a website with lots of users that you want to check, instead
you can run
select `password` from #__users [replace #__ with your prefix. :-)] - and
export the list to a text file to give to oclhashplus
Most password crackers around are limited to passwords of less than 16
chars[because beyond that, the algorithms change for efficient lookups] -
so while making your own passwords greater than 16 chars doesn't mean
instant security, it does mean that it is beyond the scope of script
kiddies who just download crackers from the internet and don't know how to
write their own.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20120706/ab316c7c/attachment.html>
More information about the Joomla
mailing list