Verifying the strength of passwords
If you allow administrative users to log into your system using their username and password, your system is only as secure as the passwords used by those users. It's a good idea to periodically attempt to crack all the passwords on your system. If you find passwords that are easy to guess or crack through brute force, you should ask users to change them.
Getting ready
For this recipe, we will be using the password-cracking program called John the Ripper. Start by installing the package named john. Refer to the Installing software packages recipe from Chapter 1, Setting Up Your System, for more details.
How to do it...
John the Ripper tries to crack passwords by brute force, which means it will try every word and combination of characters. If any user on your system has a strong password (long and complex), John will not be able to crack it in a reasonable amount of time. You should let the cracking run for a couple of days and then decide that the remaining...
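Once a run has finished, the results have to be turned into a list of users who must change their passwords. The following script is an added example, not part of the original recipe: it reads the text printed by `john --show` and lists the affected accounts, administrative ones first, without keeping the cracked passwords. The output layout it expects and the sample data are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample of `john --show` output (assumed layout for an unshadowed
# passwd file: user:password:uid:gid:gecos:home:shell, then a summary line).
SAMPLE_SHOW_OUTPUT = """\
root:letmein:0:0:root:/root:/bin/bash
alice:summer:2024:1001:1001:Alice Example:/home/alice:/bin/bash
bob:qwerty:1002:1002::/home/bob:/bin/sh

3 password hashes cracked, 2 left
"""

SUMMARY_RE = re.compile(r"^(\d+) password hash(?:es)? cracked, (\d+) left$")


class Finding(NamedTuple):
    user: str
    uid: int
    is_admin: bool  # UID 0 accounts should be fixed first


def parse_show_output(text):
    """Return (findings, cracked, left); cracked passwords are never kept."""
    findings, cracked, left = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        summary = SUMMARY_RE.match(line)
        if summary:
            cracked, left = int(summary.group(1)), int(summary.group(2))
            continue
        user, sep, rest = line.partition(":")
        # A password may contain ':', so split the five trailing fields off from the right.
        fields = rest.rsplit(":", 5)
        if not sep or len(fields) != 6 or not fields[1].isdigit():
            continue  # not a passwd-style result line
        uid = int(fields[1])
        findings.append(Finding(user, uid, uid == 0))
    # Administrative accounts first, then alphabetical.
    findings.sort(key=lambda f: (not f.is_admin, f.user))
    return findings, cracked, left


if __name__ == "__main__":
    found, cracked, left = parse_show_output(SAMPLE_SHOW_OUTPUT)
    for f in found:
        print(f"{f.user} (uid {f.uid}){' [admin]' if f.is_admin else ''}: must change password")
    print(f"{cracked} cracked, {left} not cracked so far")
```

Because the script discards the password field as it parses, its report can be passed on without exposing the cracked passwords themselves.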