Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 06 Mar 2015 10:52:17 +0100
From: Albert Veli <albert.veli@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Generic crypt(3)

Hi, you can't fuzz the hash. You have to guess a password and then use 
the correct algorithm to translate it to a hash and finally compare if 
the hashes are the same. That is basically what john does for you. But I 
don't know if it is possible to somehow involve AFL in this process. Is it?

On 03/06/2015 10:28 AM, Kai Zhao wrote:
> Hi,
>
> I tried to crack my password with John the Ripper jumbo. There are two 
> password
> , one is right-format and another one is changed by AFL(American Fuzzy 
> Lop).
>
> right-format one: (there is one line)
>
>  root:$6$FrkHWlkw$m8p79w.oVQm8ZOmlC4BgHJgPBvfHVkmUdcSv5ayO5FcTE
> 3PPCNP8CV8NBemI6v3vO2hdNJ9mkilnSQHAmdbEe.:0:0:root:/root:/bin/bash
>
> changed one    :(there is one line)
>
> root:$6$FrkHWlkw$m8p79w.oVQm8ZOmlC4BgHJgPBvfHVkmUdcSv5ayO5FcTE
> 3PP�NP8CV8NBemI6v3vO2hdNJ9mkilnSQHAmdbEe.:0:0::/root:/bin/bash
>
> The right-format one took a lot of time and I canceled. The changed 
> one took a lot of time too. I think
> the changed one is wrong-format. Since there is a character "�" . 
> crypt(3) man page shows that the
> format should be : "$id$salt$encrypted". Also the characters in "salt" 
> and "encrypted" are draw from
> the set [a-zA-Z0-9./];
>
> However, john did not recognize the changed one as wrong-format and 
> tried to crack it.
>
> My john is downloaded from: https://github.com/magnumripper/JohnTheRipper
>
> And my compile steps are: ./configure && make -sj8
>
> Is this a bug?
>
> Thank you in advance.
>
> -- 
> loverszhaokai
> motto:You got a dream and you gotta protect it.
> github:https://github.com/loverszhaokai
> blog:http://www.cnblogs.com/lovers/


Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ