Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 May 2012 05:20:36 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Additions to JtR rules, arbitrary characters

On 05/21/2012 04:54 AM, jfoug@....net wrote:
> If we wanted to properly support having the john.pot deal
> with these arbitrary crap (some may not be crap, but who knows),
> then we could do something like was done  in the salt field
> within dynamic.  Having something like $HEX$hhhhhhh..
> as the password, allows detecting all possible bytes in a password,
> including NULL

What if someone really uses a $HEX$0123... password?

> I am not fully sure these are needed, as these type hashes likely
> are not ITW real hashes.

Probably we shouldn't add more complexity for such crap "passwords".
If you want to search for this kind of crap, you usually know in advance
that you'll get crap into the pot file.
So you can at least put it into a separate pot file using --pot=...

> 
> Btw, \x0A is the proper newline ;) 

Yes, Alexander immediately noticed this.

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ