Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 May 2012 19:05:39 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: Re: Problem with --show

On 2012-05-31 14:55, magnum wrote:
> On 05/31/2012 12:34 PM, magnum wrote:
>> On 05/31/2012 12:12 PM, Alexander Cherepanov wrote:
>>> It seems that john from john-1.7.9.4-contest-v2012-05-30.tar.bz2 doesn't
>>> show some cracked passwords. Attached are .pwd and .pot files with 44
>>> examples.
>>>
>>
>> That's odd. I just confirmed this is not a problem specific to the
>> contest edition but with magnum-jumbo as well... oh, and it gets worse,
>> the same happens with released Jumbo-5 too.
>>
>> Are there some weird characters or something? I'll check this out.
>
> False alarm, I found the problem. Your pot file is not created by john,
> is it?

I don't know, they are uploaded by someone else. I found them while 
checking cracked hashes from all the team.

> It lacks the tags. Not a bug.

It's just not consistent for john to say that something is cracked 
without --show but not with it. IMHO john should either always accept 
them or always reject them.

> Try this:
> $ ./run/john --pot=good.pot bad.pwd -wo:bad.pot --format=raw-sha256
> ...
> $ ./run/john --pot=good.pot bad.pwd -wo:bad.pot --format=raw-sha1
> ...
> $ ./run/john --pot=good.pot bad.pwd -wo:bad.pot --format=dynamic_1
> ...
> $ grep 17d05d6c7f bad.pot good.pot
> bad.pot:17d05d6c7f4f194f0b6937f34737bb8c54281b0d:K<Ng5E
> good.pot:$dynamic_12$17d05d6c7f4f194f0b6937f34737bb8c54281b0d:K<Ng5E
>
> (btw using the pot file as a wordlist is a new feature, it parses any
> file ending in .pot as such)

Nice, thanks for info

WBR,
Sasha

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ