Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 20 May 2012 20:16:18 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Additions to JtR rules, arbitrary characters

On 05/19/2012 11:07 PM, jfoug@....net wrote:
> I have had need for a while to insert arbitrary characters into JtR rules.
> I have made a couple of changes in rpp.c, which will now allow this.

Your patched doc/RULES text mentions $\x10 as a rule to append a newline
character.

I also noticed that appending a newline character cracked several
raw-md5 hashes from
https://www.korelogic.com/InfoSecSouthwest2012_Ripe_Hashes.html

BTW: This is another indication that these hashes contain many fakes
where people probaby used
$ echo "password"|md5sum -
instead of
$echo -n "password"|md5sum -

I used an external mode to append a newline character .

Cracking these hashes with such an external mode or with a rule $\x10
and your patched rpp.c works.
However, john.pot will also contain these newline characters.
This results in john --show reporting wrong cracked passwords, unique
removing "duplicate" empty lines, and so on.

I'm not sure how much effort should be spent supporting such faked hashes.
Can/should we try to add new options/values to john --show and/or unique?
Or is this just not worth the effort, because these passwords will never
be needed to crack real password hashes?

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ