Date: Wed, 11 Jul 2012 17:55:25 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: ./john --show for formats with FMT_NOT_EXACT flag set

On Wed, Jul 11, 2012 at 01:56:02PM +0200, Frank Dittrich wrote:
> BTW: why does CRC32 have the FMT_NOT_EXACT flag set?
> IMHO, this flag should indicate that the implementation used a shortcut,
> e.g., for performance reasons, and could produce false positives.
> A hash collision (as with CRC32) is different.
> If you found a password for that hash, it is valid, no matter how many
> other passwords there may be for the same hash.
> 
> The only reason to keep this flag set for CRC32 is if you do have other
> hashes for slower salted formats, and you assume that the passwords used
> for those other hashes are similar to the passwords used for CRC32.
> In this case it makes sense to find as many valid passwords as possible
> for CRC32, because you want to use those passwords as candidates for the
> slower formats...

I think that's not the only reason.  Another reason would be to find a
prettier looking or easier to remember password.  I recall that BIOS
password crackers outputted multiple valid passwords for that reason.

Alexander
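
The behaviour discussed in this thread, as an added example (not part of the original message and not John the Ripper code): a toy cracking loop run over a constructed wordlist that contains "plumless" and "buckeroo", a publicly known CRC32 collision pair. The `keep_going` parameter and the function names are hypothetical; `keep_going` stands in for the keep-searching behaviour the thread associates with FMT_NOT_EXACT.

```python
import zlib

# Constructed wordlist. "plumless" and "buckeroo" are a known CRC32 collision.
WORDLIST = [b"password", b"plumless", b"letmein", b"buckeroo", b"openwall"]


def crc32_hex(word: bytes) -> str:
    """Standard CRC32 (zlib) of a candidate, as 8 lowercase hex digits."""
    return f"{zlib.crc32(word) & 0xFFFFFFFF:08x}"


def crack(targets, wordlist, keep_going):
    """Toy cracking loop (hypothetical, not John the Ripper's implementation).

    keep_going=False: a hash is dropped after its first matching candidate.
    keep_going=True:  the hash stays loaded, so every colliding candidate
                      in the wordlist is reported for it.
    """
    remaining = set(targets)
    found = {}
    for word in wordlist:
        digest = crc32_hex(word)
        if digest in remaining:
            found.setdefault(digest, []).append(word.decode())
            if not keep_going:
                remaining.discard(digest)
    return found


def verify(target: str, password: bytes) -> bool:
    """A system that stores only the CRC32 accepts any colliding password."""
    return crc32_hex(password) == target


if __name__ == "__main__":
    target = crc32_hex(b"plumless")
    print("target hash:      ", target)
    print("stop at first hit:", crack([target], WORDLIST, keep_going=False))
    print("keep searching:   ", crack([target], WORDLIST, keep_going=True))
```

Every password reported in the second run passes `verify`, which is why none of them is a false positive in the sense of an implementation shortcut.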
