Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 14 Jun 2012 21:00:10 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: possible bug in MySQL SHA1 format

Hi,

I found the following behaviour of john to be confusing,

$ ../run/john --format=mysql-sha1  ~/37_MySQL_hashes_uniq
Loaded 5 password hashes with no different salts (MySQL 4.1
double-SHA-1 [SSE2i 8x])
Suppressed 1 duplicate lines.
admin            (mint)
admin            (root)
admin            (test)
guesses: 3  time: 0:00:00:05 0.00% (3)  c/s: 7631K  trying: L8D - Sand1
Use the "--show" option to display all of the cracked passwords reliably
Session aborted
$ ../run/john --format=mysql-sha1  --show ~/37_MySQL_hashes_uniq  # CORRECT
mint:admin
root:admin
test:admin

3 password hashes cracked, 2 left
$ ../run/john --format=mysql-sha1  --show=left  ~/37_MySQL_hashes_uniq  # OK
admn:*C41CDE80C01C7840D262C32F5FAB08830AA4D6C7
$ ../run/john --format=mysql-sha1  ~/37_MySQL_hashes_uniq
Loaded 5 password hashes with no different salts (MySQL 4.1
double-SHA-1 [SSE2i 8x])
Remaining 2 password hashes with no different salts # BUG?
Suppressed 1 duplicate lines.
guesses: 0  time: 0:00:00:01 0.00% (3)  c/s: 1585K  trying: montr6 - morda2

...

Questions:

1. Hash "*C41CDE80C01C7840D262C32F5FAB08830AA4D6C7 " is repeated in
the input file and cracked already but why is it shown in
"--show=left"?

2. "--show=left" shows once hash left but running john shows
"Remaining 2 password hashes".

-- 
Cheers,
Dhiru

Download attachment "37_MySQL_hashes_uniq" of type "application/octet-stream" (235 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ