[joomla] Test your passwords
Scott Wolpow
scott at wolpow.com
Fri Jul 6 14:57:50 EDT 2012
We know the MD5 was vulnerable.
All the more reason to move away from it.
Or better yet, be able to choose our own hash.
SW
On 7/6/2012 2:38 PM, Gary Mort wrote:
> Think your Joomla! password is secure? Here is a simple test [assuming
> it is under 15 characters long]
>
> Go to http://hashcat.net/hashcat-gui/ and download hashcat-gui for
> your operating system.
>
> To check just YOUR password, run the gui, use either plus or lite,
> and enter your password hash [from the database] in the field. Select
> the Joomla hash type - and then go ahead and run the cracker. See
> how long it takes to figure out your password.
>
> If you're using a dictionary method, you'll need one or more wordlists,
> you can get some dictionaries from
> http://www.skullsecurity.org/wiki/index.php/Passwords
>
> If you have a website with lots of users that you want to check,
> instead you can run
> select `password` from #__users [replace #__ with your prefix. :-)] -
> and export the list to a text file to give to oclhashplus
>
> Most password crackers around are limited to passwords of less than 16
> chars [because beyond that, the algorithms change for efficient
> lookups] - so while making your own passwords greater than 16 chars
> doesn't mean instant security, it does mean that it is beyond the
> scope of script kiddies who just download crackers from the internet
> and don't know how to write their own.
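A defensive follow-up to the export step described in the quoted message, added here as an example that is not code from either poster or from Joomla: it sorts exported `password` values by storage scheme so accounts still on MD5 can be queued for a reset or rehash. The tab-separated `username<TAB>password` export, the hash layouts in the patterns and the sample rows are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Stored-hash layouts assumed for this example (the thread does not spell them out).
SCHEMES = [
    ("md5-salted", re.compile(r"[0-9a-f]{32}:\S+", re.I)),   # "hash:salt"
    ("md5-unsalted", re.compile(r"[0-9a-f]{32}", re.I)),
    ("phpass", re.compile(r"\$[PH]\$\S{31}")),
    ("bcrypt", re.compile(r"\$2[aby]\$\d{2}\$\S{53}")),
]
MD5_SCHEMES = {"md5-salted", "md5-unsalted"}


def classify(stored):
    """Return the scheme name for one stored password value."""
    value = stored.strip()
    for name, pattern in SCHEMES:
        if pattern.fullmatch(value):
            return name
    return "unknown"  # empty, truncated or unrecognised: review by hand


def audit(export_text):
    """Group usernames by scheme from 'username<TAB>password' lines."""
    report = defaultdict(list)
    for line in export_text.splitlines():
        if not line.strip():
            continue
        user, _, stored = line.partition("\t")
        report[classify(stored)].append(user)
    return dict(report)


def accounts_to_rehash(export_text):
    """Usernames whose stored value is still MD5-based."""
    report = audit(export_text)
    return sorted(u for s in MD5_SCHEMES for u in report.get(s, []))


# Constructed sample export; none of these values come from a real site.
SAMPLE_EXPORT = "\n".join([
    "admin\t" + "0123456789abcdef" * 2 + ":" + "Zk3" * 10 + "Qp",
    "legacy_import\t" + "fedcba9876543210" * 2,
    "editor\t$2y$10$" + "A" * 53,
    "author\t$P$D" + "b" * 30,
    "broken\t",
])

if __name__ == "__main__":
    for scheme, users in sorted(audit(SAMPLE_EXPORT).items()):
        print(f"{scheme:13} {len(users):3}  {', '.join(users)}")
    print("queue for reset/rehash:", accounts_to_rehash(SAMPLE_EXPORT))
```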