Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Documented that using the mailer script is not always a good idea and…

… that

proactive password strength checking should probably be deployed first.
  • Loading branch information...
commit 3a40437a6f966a0e612a84dc8f79db5cbbcb0efb 1 parent 451f12a
solar authored
Showing with 11 additions and 1 deletion.
  1. +11 −1 run/mailer
View
12 run/mailer
@@ -3,6 +3,16 @@
# This file is part of John the Ripper password cracker,
# Copyright (c) 1996-98 by Solar Designer
#
+# This is a script to send mail to all users whose passwords got cracked.
+# This is not always a good idea, though, since lots of people do not
+# check their e-mail or ignore such messages, and the messages can be a
+# hint for crackers.
+#
+# You should probably deploy proactive password strength checking, such as
+# with passwdqc, before you ask users to change their passwords - whether
+# using this script or otherwise. And you should edit the message inside
+# the script before possibly using it.
+#
if [ $# -ne 1 ]; then
echo "Usage: $0 PASSWORD-FILE"
@@ -27,7 +37,7 @@ $DIR/john -show "$1" -shells:$SHELLS | sed -n 's/:.*//p' |
mail -s 'Bad password' "$LOGIN" << EOF
Hello!
-Your password for account "$LOGIN" is insecure. Please change it as soon
+Your password for account "$LOGIN" is insecure. Please change it as soon
as possible.
Yours,
Please sign in to comment.
Something went wrong with that request. Please try again.