Rod.. Whitworth wrote: ...
Test with well known cracker tools and weep. I have (as root) fed a slice of master.passwd to John the Ripper with a few nologin users added using dictionary words of 7 or 8 chars as passwords and after 10 days it had not cracked one of them. I bet it takes less time on lesser hashes to get some results.
actually, I've had somewhat different results using ports/security/crack to look at how people entered a system.
A PII-450 was able to find an eight-letter dictionary PW (which was a particularly bad choice for a root PW) in a day or two, and at least one other trivial PW as well. So there is potentially some difference in the tools used.