IT Pro Verdict
John the Ripper is one of the best tools that you’ll find for cracking passwords. It’s highly versatile, well supported, and free, and it should be in every security professional’s toolkit.
Pros
- +
Can crack a huge range of different password types
- +
Available for 15 operating systems
Cons
- -
Takes some setting up
- -
Requires knowledge of using the command line
John the Ripper password cracker is a security software tool that’s been in active use since it was first developed in 2002. It works on 15 operating systems, including Windows, macOS, and Linux, and combines several different password cracking functions into one package, making it one of the most frequently used password crackers today.
If you often lose or forget your passwords, the best password managers can help you manage them. But if you need to recover a password, such as for an operating system login, John the Ripper's password cracker may be just the ticket.
John the Ripper password cracker: Plans and pricing
John the Ripper is a free tool. You can download the “core” version or the “jumbo” version. The jumbo version includes several extra command-line options and can be used to crack a broader range of password types (e.g. password-protected PDFs, RAR archives, 1Password, Bitcoin, LastPass, and more).
On Linux or macOS, you can choose John the Ripper Pro. This is a pre-compiled native version of the software that’s easier to install than the core or jumbo versions. John the Ripper Pro is automatically configured to recognise multi-core processor architectures, so it will perform well on modern architectures without further modification.
You can get John the Ripper Pro for £32.47. A Pro license with free future upgrades costs £73.11, and a license with one year of email support costs £150.36.
John the Ripper password cracker: Features
John the Ripper supports a massive list of different password hash types. The jumbo version can crack over 411 types of passwords, from Unix passwords to databases and from iTunes backups to Wi-Fi passwords.
John the Ripper works on the hash of the password, not the file itself. For example, you can’t feed John the Ripper an encrypted Word document and expect to gain access to it. However, the software comes with a long list of supplemental functions that you can use to extract the password hash from your file, so John the Ripper can work out the original password from the hash.
Running John the Ripper can be as simple as typing “john mypassword.txt”. But to speed things along, you can add more command line arguments to specify how the software should run.
For example, you can set a particular word list and run a dictionary attack. If you know a few details about the password, like that it only includes lowercase letters, you can limit John the Ripper to search combinations using only those letters.
If you have a modern PC, John the Ripper has options to utilise its hardware to speed up the cracking of complex hashes. For example, you can set John the Ripper to use multiple CPU cores by adding the --fork argument.
You can also use the power of a modern graphics card to crack passwords faster. Not all hash formats can be cracked using a graphics card, however, and you’ll need to compile a few more software dependencies to get GPU cracking to work. But cracking passwords using your graphics card can be up to 10 times faster than using the CPU.
John the Ripper password cracker: Interface and in use
John the Ripper is aimed at computer users who are comfortable with using the command line and compiling software from source.
Installation depends on your operating system and requirements, but it typically first necessitates downloading the source code and any required dependencies. Then, you compile the software by running a number of commands in order.
If you prefer to use a graphical user interface (GUI), there’s a cross-platform open-source GUI for John the Ripper called Johnny.
John the Ripper password cracker: Support
John the Ripper has an excellent wiki, with step-by-step tutorials on how to build the software and use it to crack passwords. Though it’s aimed at intermediate users who are comfortable using the command line, all the steps that you need to take to get the software running are well laid out.
There are also several mailing lists for John the Ripper, which average around 30 to 40 emails per month. You can browse queries and replies sent to the mailing list all the way back to 2005.
For more official support, you can opt for John the Ripper Pro. The £73.11 package includes installation support by email for the first month, and the £150.36 package includes email support for a year.
Alternatives to John the Ripper password cracker
For a Windows program for cracking password hashes, consider Hash Suite. It has a modern graphical interface, performs well, and can crack 13 different hash types, including LMHash, NTHash, MD5, and SHA variants.
One of John the Ripper’s closest competitors is Hashcat. Like John the Ripper, it runs from the command line, and can crack a massive list of password types. But Hashcat has better support for using your graphics card (GPU) to crack passwords. So, if you have a powerful GPU, Hashcat is typically faster than John the Ripper.
John the Ripper password cracker: Final verdict
John the Ripper deserves its position as a must-have password cracking tool for system administrators.
John the Ripper isn’t easy to get started with for a typical end user, as there are several steps that you’ll need to take to get it running. But it’s not designed for occasional users who need to recover a password; it’s a comprehensive tool for cracking a wide range of hash types. This is what John the Ripper excels at.
