Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 11 Jul 2012 13:56:02 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: ./john --show for formats with FMT_NOT_EXACT flag
 set

On 06/26/2012 03:30 PM, Solar Designer wrote:
> On Tue, Jun 26, 2012 at 02:31:04PM +0200, Frank Dittrich wrote:
>> Shouldn't john --show somehow show that there are 2 possible passwords
>> for 2, may be by printing 2 separate lines?
> [...]
>> For FMT_NOT_EXACT we could also treat just those password hashes as left
>> to crack for which we don't have any password in the pot file.
>> Thoughts?
> 
> These are reasonable suggestions, although I imagine that for the latter
> the user will want to choose what to do.

What would be the use of --show=LEFT for formats with FMT_NOT_EXACT?
OK, it would convert any valid hash into the canonical hash
representation, get rid of all other columns except user name and hash,
and it would remove duplicate lines.

But to keep current behavior with a default config, a new config setting
which has to be changed by the user to get the new behavior would be OK
as well.

BTW: why does CRC32 have the FMT_NOT_EXACT flag set?
IMHO, this flag should indicate that the implementation used a shortcut,
e.g., for performance reasons, and could produce false positives.
A hash collision (as with CRC32) is different.
If you found a password for that hash, it is valid, no matter how many
other passwords there may be for the same hash.

The only reason to keep this flag set for CRC32 is if you do have other
hashes for slower salted formats, and you assume that the passwords used
for those other hashes are similar to the passwords used for CRC32.
In this case it makes sense to find as many valid passwords as possible
for CRC32, because you want to use those passwords as candidates for the
slower formats...

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.