John the Ripper (JtR) is what we call a proactive password strength checker. It relates to password security in three main ways:
1. Testing for Weak Passwords
System administrators use JtR to "attack" their own server's /etc/shadow file. The goal isn't to steal data, but to identify users who have chosen weak passwords (like password123 or 123456). If John can crack the password in a few minutes, a hacker can too.
2. Identifying "Unshadowed" Risks
As you learned, Linux splits user data (/etc/passwd) and password hashes (/etc/shadow). JtR comes with a tool called unshadow that combines these two files.
- The Lesson: This highlights why keeping the
/etc/shadowfile restricted (only readable byroot) is the most important layer of password security in Linux.
3. Understanding Hashing
JtR teaches us that passwords aren't stored as "text." They are stored as hashes.
- When you change your password using
passwd(as you did in this lab), the system runs it through a mathematical function to create a unique string of gibberish. - JtR works by taking millions of common words, hashing them, and checking if the resulting "gibberish" matches the hash in your
/etc/shadowfile.
How it relates to your current Lab:
In the previous step, you tried to set a password to newpass and the system warned you:
BAD PASSWORD: The password is shorter than 8 characters
That warning is there specifically to stop tools like John the Ripper. A 7-character password like newpass can be cracked by JtR in milliseconds, whereas a 15-character complex password could take centuries.
Summary:
John the Ripper is the "stress test" for the security measures you are learning today. It proves why the passwd command forces you to use complex passwords and why /etc/shadow must be kept hidden.
Do you want to try identifying more system files with the file command, or move on to learning about command history?
