John the Ripper: An Examination and Analysis of the Popular Hash Cracking Algorithm

Abstract

In recent years, the viability of hash cracking has been questioned as industry encryption standards, salting, and timeouts have risen in popularity. John the Ripper has emerged as one of the most sophisticated open-source hash cracking tool on the market. The tool is used by cybercriminals as well as security specialists. Research Questions have been formulated to answer questions related to the viability of John the Ripper. To answer these questions, three experiments are defined and performed with varying results. We find that while John the Ripper struggles as a brute force attacker without complex customization, it has a bountiful collection of rainbow tables that make it a very efficient dictionary attacker when used against the most popular passwords and their variants. We find that John the Ripper is easily able to crack the thousand most popular passwords with its extensive open source rainbow-table; however, it struggles as a brute force attacker.